[Pkg-freeipa-devel] Bug#795399: Bug#795399: freeipa: CVE-2015-5179: non-printable characters aren't check in every case of user data
Timo Aaltonen
tjaalton at debian.org
Thu Sep 24 15:07:13 UTC 2015
On 13.08.2015 20:33, Salvatore Bonaccorso wrote:
> Source: freeipa
> Version: 4.0.5-5
> Severity: important
> Tags: security upstream
>
> Hi Timo,
>
> the following vulnerability was published for freeipa. I cannot easily
> test it for older version 4.0.5, could you confirm that?
>
> CVE-2015-5179[0]:
> non-printable characters aren't check in every case of user data
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2015-5179
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1252567
all versions are affected, but seems like it's not going to be fixed too
soon:
https://fedorahosted.org/freeipa/ticket/5153
--
t
More information about the Pkg-freeipa-devel
mailing list