Your message dated Mon, 25 Sep 2017 17:07:22 +0300
with message-id <f803b6c9-667e-dcfe-7359-864246f8a...@debian.org>
and subject line Re: [Pkg-freeipa-devel] Bug#849970: freeipa: CVE-2016-7030:
DoS attack against kerberized services by abusing password policy
has caused the Debian Bug report #849970,
regarding freeipa: CVE-2016-7030: DoS attack against kerberized services by
abusing password policy
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
849970: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849970
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: freeipa
Version: 4.3.2-5
Severity: grave
Tags: patch upstream security
Justification: user security hole
Forwarded: https://fedorahosted.org/freeipa/ticket/6561
Hi,
the following vulnerability was published for freeipa.
CVE-2016-7030[0]:
DoS attack against kerberized services by abusing password policy
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-7030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7030
[1] https://fedorahosted.org/freeipa/ticket/6561
[2] Upstream patch:
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=6f1d92746
[3] Additional dependency:
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=73f33569c
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
fixed 849970 4.4.3-1
thanks
On 02.01.2017 21:01, Salvatore Bonaccorso wrote:
> Source: freeipa
> Version: 4.3.2-5
> Severity: grave
> Tags: patch upstream security
> Justification: user security hole
> Forwarded: https://fedorahosted.org/freeipa/ticket/6561
>
> Hi,
>
> the following vulnerability was published for freeipa.
>
> CVE-2016-7030[0]:
> DoS attack against kerberized services by abusing password policy
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2016-7030
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7030
> [1] https://fedorahosted.org/freeipa/ticket/6561
> [2] Upstream patch:
> https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=6f1d92746
> [3] Additional dependency:
> https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=73f33569c
This was actually fixed by 4.4.3-1 upload
--
t
--- End Message ---