[Secure-testing-team] Bug#873281: krb5: CVE-2017-7562
Salvatore Bonaccorso
carnil at debian.org
Sat Aug 26 05:31:24 UTC 2017
Source: krb5
Version: 1.12.1+dfsg-19
Severity: important
Tags: security upstream
Forwarded: https://github.com/krb5/krb5/pull/694
Hi,
the following vulnerability was published for krb5.
CVE-2017-7562[0]:
Make certauth eku module restrictive-only
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-7562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7562
[1] https://github.com/krb5/krb5/pull/694
Please adjust the affected versions in the BTS as needed; unless I am
completely mistaken, this goes back at least as far as the version in
jessie. But it's not as bad, and I think it does not warrant a DSA, if I
understand correctly.
Regards,
Salvatore