Hi,

On Thu, Aug 20, 2015 at 11:15:01AM +0200, Moritz Muehlenhoff wrote:
> Source: pykerberos
> Severity: important
> Tags: security
>
> CVE-2015-3206 was assigned to the fact that pykerberos doesn't
> validate the authenticity of the KDC in checkPassword(). Fix
> is here:
> https://github.com/02strich/pykerberos/commit/02d13860b25fab58e739f0e000bed0067b7c6f9c.patch
>
> For unstable we should probably enable it by default and keep
> the status quo for earlier releases.

Agreed. Should this go via a security update or would you prefer a point
release? I've just fixed sid and the package version in jessie is identical.

Cheers,
 -- Guido

