Source: krb5
Version: 1.17-10
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 1.17-3

Hi,

The following vulnerability was published for krb5.

CVE-2020-28196[0]:
| MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3
| allows unbounded recursion via an ASN.1-encoded Kerberos message
| because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite
| lengths lacks a recursion limit.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-28196
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28196
[1] https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd

Regards,
Salvatore
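
The defect class named in the CVE description above, shown as an added example that is not part of the original report and is not krb5's code: finding the end of a BER indefinite-length element requires recursing into its children, so the decoder needs an explicit nesting bound. The function names, the `MAX_DEPTH` value and the sample buffer are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#define MAX_DEPTH 32  /* assumed nesting limit, chosen for this example */
enum { BER_OK = 0, BER_MALFORMED = -1, BER_TOO_DEEP = -2 };

/* Store in *used the size of the BER element at p; single-byte tags only. */
int ber_element_size(const uint8_t *p, size_t len, int depth, size_t *used)
{
    size_t pos = 2, clen, n, child = 0;
    int ret;
    if (depth > MAX_DEPTH)
        return BER_TOO_DEEP;      /* refuse before recursing any further */
    if (len < 2 || (p[0] & 0x1f) == 0x1f)
        return BER_MALFORMED;     /* truncated, or multi-byte tag */
    if (p[1] == 0x80) {           /* indefinite length */
        if (!(p[0] & 0x20))
            return BER_MALFORMED; /* only constructed types may use it */
        for (; len - pos >= 2; pos += child) {
            if (p[pos] == 0 && p[pos + 1] == 0) {
                *used = pos + 2;  /* end-of-contents octets 00 00 */
                return BER_OK;
            }
            ret = ber_element_size(p + pos, len - pos, depth + 1, &child);
            if (ret != BER_OK)
                return ret;
        }
        return BER_MALFORMED;     /* input ended before end-of-contents */
    }
    n = (p[1] & 0x80) ? (p[1] & 0x7f) : 0;  /* long form: n length octets */
    if (n > sizeof(size_t) || len - 2 < n)
        return BER_MALFORMED;
    for (clen = n ? 0 : p[1]; n > 0; n--)
        clen = (clen << 8) | p[pos++];
    if (clen > len - pos)
        return BER_MALFORMED;
    *used = pos + clen;
    return BER_OK;
}

/* Constructed sample: `levels` (at most 64) nested, closed SEQUENCEs. */
int check_nested(int levels)
{
    uint8_t buf[4 * 64] = {0};
    size_t used = 0;
    for (int i = 0; i < levels && i < 64; i++) {
        buf[2 * i] = 0x30;        /* SEQUENCE, constructed */
        buf[2 * i + 1] = 0x80;    /* indefinite length */
    }
    return ber_element_size(buf, sizeof buf, 0, &used);
}
```

Without the `depth` check, nesting depth is bounded only by the input size and the stack, which is the condition the CVE text describes.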