>>>>> "Patrick" == Patrick C F Ernzer <[EMAIL PROTECTED]> writes:
Patrick> Hello, http://www.kb.cert.org/vuls/id/258721 states that
Patrick> krb5 is vulnerable up to and including krb5-1.2.7
Patrick> Did I miss the announcement on krb5-bugs or has there
Patrick> really been no update on your part to this so far?
We do not consider this vulnerability a particularly high priority
vulnerability. We hope to get a fix in for 1.3.
The ftp client is not something we care much about; we have discussed
dropping it from the release on krbdev. We care much more about
server side vulnerabilities than client side vulnerabilities. We care
much more about new vulnerabilities than vulnerabilities many people
have known about for a long time and lived with as an acceptable risk.
The net result is that this issue is fairly far down on our priorities
list.
--Sam
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
