[Git][security-tracker-team/security-tracker][master] Reference used commits for isolated fixes to address CVE-2025-3576

Thu May 8 20:12:48 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e3fa6d2a by Salvatore Bonaccorso at 2025-05-08T21:12:08+02:00
Reference used commits for isolated fixes to address CVE-2025-3576

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8102,6 +8102,8 @@ CVE-2025-3576 (A vulnerability in the MIT Kerberos implementation allows GSSAPI-
 	NOTE: Since upstream 1.21 (cf. https://web.mit.edu/kerberos/krb5-1.21/) the KDC
 	NOTE: will no longer issue tickets with RC4 or triple-DES session keys unless
 	NOTE: explicitly configured with the new allow_rc4 or allow_des3 variables respectively.
+	NOTE: https://github.com/krb5/krb5/commit/1b57a4d134bbd0e7c52d5885a92eccc815726463
+	NOTE: https://github.com/krb5/krb5/commit/2cbd847e0e92bc4e219b65c770ae33f851b22afc
 CVE-2025-3573 (Versions of the package jquery-validation before 1.20.0 are vulnerable ...)
 	- civicrm <unfixed> (bug #1103445)
 	[bullseye] - civicrm <postponed> (Minor Issue; XSS)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3fa6d2a73e8bdb58dbf7f5826946b15e6606ef2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3fa6d2a73e8bdb58dbf7f5826946b15e6606ef2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250508/ff656c7a/attachment-0001.htm>
