On 13.08.2015 20:33, Salvatore Bonaccorso wrote:
> Source: freeipa
> Version: 4.0.5-5
> Severity: important
> Tags: security upstream
>
> Hi Timo,
>
> the following vulnerability was published for freeipa. I cannot easily
> test it for older version 4.0.5, could you confirm that?
>
> CVE-2015-5179[0]:
> non-printable characters aren't check in every case of user data
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2015-5179
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1252567

all versions are affected, but seems like it's not going to be fixed too soon:

https://fedorahosted.org/freeipa/ticket/5153

--
t

