Package: yubiserver Severity: grave Version: 0.5-2 Tags: security Hi,
the following vulnerabilities were published for yubiserver. CVE-2015-0843[0]: Buffer overflows due to misuse of sprintf CVE-2015-0842[1]: SQL injection issues (potential auth bypass) If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-0843 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0843 [1] https://security-tracker.debian.org/tracker/CVE-2015-0842 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0842 N.b. this bug is meant to track the fixing of the vulnerabilities in stable (and oldstable, if it applies). Please refer to the following page to learn how to prepare a stable security update: https://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
