[Bug 1716429] Re: pykerberos for trusty does not include CVE-2015-3206 fix

Launchpad Bug Tracker Tue, 06 Feb 2018 08:56:35 -0800

This bug was fixed in the package pykerberos - 1.1+svn10616-2ubuntu0.1

---------------
pykerberos (1.1+svn10616-2ubuntu0.1) trusty-security; urgency=medium


  * SECURITY UPDATE: The checkPassword function does not authenticate the
    KDC it attempts to communicate with (LP: #1716429)
    - Add-KDC-authenticity-verification-support-CVE-2015-3206.patch
      retrieved from xenial version (1.1.5-2build1).
    - CVE-2015-3206
    - debian/NEWS: add explanation of issue and default chosen

 -- Mathieu Lafon <mla...@gmail.com>  Thu, 05 Oct 2017 09:32:55 +0200

** Changed in: pykerberos (Ubuntu Trusty)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716429

Title:
  pykerberos for trusty does not include CVE-2015-3206 fix

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pykerberos/+bug/1716429/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716429] Re: pykerberos for trusty does not include CVE-2015-3206 fix

Reply via email to