Hi Steve,

> When Debian fixed this issue [...], they left the default to off, in order to
> not break [...]
> The update for Ubuntu 12.04 LTS included this default.

You're correct about Debian, but this is not exactly what is in the 12.04 LTS 
update. The patch for precise has two issues:
- The default value for 'verify' in the source code (src/kerberos.c) is 1 
(enabled) although pysrc/kerberos.py (only used for documentation) has 
'verify=False'
- The 'verify' argument was not made optional in the PyArg_ParseTuple() call so 
whatever default value was specified, the call would fail if there were not 5 
parameters.

So 12.04 LTS already broke existing setups (and I was personally
impacted at that time).

The patch included in xenial has then fixed these issues:

pykerberos (1.1.5-2):
  * [d3133b6] Set verify=True in docs too.  This makes the docs consistent
    with the default behaviour of the function.
  * [792f3b6] Make verify option really optional. So far it correctly
    defaulted to true but couldn't be skipped.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716429

Title:
  pykerberos for trusty does not include CVE-2015-3206 fix

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pykerberos/+bug/1716429/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
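
The PyArg_ParseTuple() behaviour described in the message above, as an added example that is not part of the original message or of pykerberos: it calls CPython's real parser through ctypes to show why a five-unit format rejects four-argument callers while a format with `|` accepts them and keeps the C-side default. The format strings, helper names and sample arguments are assumptions made for illustration.

```python
import ctypes

# CPython's real argument parser, called through ctypes (test harness only).
_parse = ctypes.pythonapi.PyArg_ParseTuple
_parse.restype = ctypes.c_int
_parse.argtypes = [ctypes.py_object, ctypes.c_char_p]  # remaining args are variadic

# Illustrative format strings, not copied from pykerberos.
REQUIRED_FMT = b"ssssi"   # all five arguments mandatory
OPTIONAL_FMT = b"ssss|i"  # everything after '|' may be omitted


def parse_verify(args, fmt):
    """Parse `args` as a C extension would and return the C-side `verify` value.

    Raises TypeError when CPython rejects the argument count or types.
    """
    user, pswd, service, realm = (ctypes.c_char_p() for _ in range(4))
    verify = ctypes.c_int(1)  # C default of 1 (enabled), as the message describes
    _parse(args, fmt, ctypes.byref(user), ctypes.byref(pswd),
           ctypes.byref(service), ctypes.byref(realm), ctypes.byref(verify))
    return verify.value


def accepts(args, fmt):
    """True if the call shape parses, False if CPython raises TypeError."""
    try:
        parse_verify(args, fmt)
        return True
    except TypeError:
        return False


# Constructed sample arguments (user, password, service, default realm).
FOUR_ARGS = ("alice", "not-a-real-password", "host/server.example.test", "EXAMPLE.TEST")

if __name__ == "__main__":
    for name, fmt in (("required", REQUIRED_FMT), ("optional", OPTIONAL_FMT)):
        print(name, "4 args accepted:", accepts(FOUR_ARGS, fmt))
    print("verify when omitted:", parse_verify(FOUR_ARGS, OPTIONAL_FMT))
    print("verify when passed 0:", parse_verify(FOUR_ARGS + (0,), OPTIONAL_FMT))
```
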
