[Secure-testing-commits] r34384 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu May 21 14:01:09 UTC 2015
Author: carnil
Date: 2015-05-21 14:01:09 +0000 (Thu, 21 May 2015)
New Revision: 34384
Modified:
data/CVE/list
Log:
add CVE-2015-3206/pykerberos
NOTE: originally assigned for python-kerberos. Not really clear if the
same CVE can be used for the for pykerberos which added in commit
02d13860b25fab58e739f0e000bed0067b7c6f9c the support for KDC
verification.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-05-21 13:58:34 UTC (rev 34383)
+++ data/CVE/list 2015-05-21 14:01:09 UTC (rev 34384)
@@ -2076,8 +2076,12 @@
RESERVED
CVE-2015-3207
RESERVED
-CVE-2015-3206
+CVE-2015-3206 [checkPassword() does not verify KDC authenticity]
RESERVED
+ - pykerberos <unfixed>
+ NOTE: CVE originally assigned for python-kerberos, pykerberos is a fork of the
+ NOTE: former.
+ NOTE: KDC verification support in pykerberos added in https://github.com/02strich/pykerberos/commit/02d13860b25fab58e739f0e000bed0067b7c6f9c
CVE-2015-3205
RESERVED
CVE-2015-3204
More information about the Secure-testing-commits
mailing list