On 13.08.2015 20:33, Salvatore Bonaccorso wrote:
> Source: freeipa
> Version: 4.0.5-5
> Severity: important
> Tags: security upstream
> 
> Hi Timo,
> 
> the following vulnerability was published for freeipa. I cannot easily
> test it for older version 4.0.5, could you confirm that?
> 
> CVE-2015-5179[0]:
> non-printable characters aren't check in every case of user data
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2015-5179
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1252567

all versions are affected, but seems like it's not going to be fixed too
soon:

https://fedorahosted.org/freeipa/ticket/5153

-- 
t

Reply via email to