[Pkg-freeipa-devel] Bug#768294: freeipa: CVE-2014-7828: password not required when OTP in use
Salvatore Bonaccorso
carnil at debian.org
Thu Nov 6 10:07:00 UTC 2014
Source: freeipa
Version: 4.0.4-2
Severity: grave
Tags: security upstream patch
Hi,
the following vulnerability was published for freeipa.
CVE-2014-7828[0]:
password not required when OTP in use
See [1] for details and upstream ticket[2].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-7828
[1] https://www.redhat.com/archives/freeipa-devel/2014-November/msg00068.html
[2] https://fedorahosted.org/freeipa/ticket/4690
Regards,
Salvatore
More information about the Pkg-freeipa-devel
mailing list