freeipa: CVE-2015-5179: non-printable characters aren't checked in every case of user data

Related Vulnerabilities: CVE-2015-5179  

Debian Bug report logs - #795399
freeipa: CVE-2015-5179: non-printable characters aren't checked in every case of user data


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 13 Aug 2015 17:36:01 UTC

Severity: important

Tags: security, upstream

Found in version freeipa/4.0.5-5

Forwarded to https://fedorahosted.org/freeipa/ticket/5153



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>:
Bug#795399; Package src:freeipa. (Thu, 13 Aug 2015 17:36:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>. (Thu, 13 Aug 2015 17:36:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: freeipa: CVE-2015-5179: non-printable characters aren't checked in every case of user data
Date: Thu, 13 Aug 2015 19:33:56 +0200
Source: freeipa
Version: 4.0.5-5
Severity: important
Tags: security upstream

Hi Timo,

the following vulnerability was published for freeipa. I cannot easily
test it for the older version 4.0.5; could you confirm that?

CVE-2015-5179[0]:
non-printable characters aren't checked in every case of user data

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-5179
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1252567

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>:
Bug#795399; Package src:freeipa. (Thu, 24 Sep 2015 15:09:12 GMT)


Acknowledgement sent to Timo Aaltonen <tjaalton@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>. (Thu, 24 Sep 2015 15:09:12 GMT)


Message #10 received at 795399@bugs.debian.org:

From: Timo Aaltonen <tjaalton@debian.org>
To: Salvatore Bonaccorso <carnil@debian.org>, 795399@bugs.debian.org
Subject: Re: [Pkg-freeipa-devel] Bug#795399: freeipa: CVE-2015-5179: non-printable characters aren't checked in every case of user data
Date: Thu, 24 Sep 2015 18:07:13 +0300
On 13.08.2015 20:33, Salvatore Bonaccorso wrote:
> Source: freeipa
> Version: 4.0.5-5
> Severity: important
> Tags: security upstream
> 
> Hi Timo,
> 
> the following vulnerability was published for freeipa. I cannot easily
> test it for the older version 4.0.5; could you confirm that?
> 
> CVE-2015-5179[0]:
> non-printable characters aren't checked in every case of user data
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2015-5179
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1252567

all versions are affected, but it seems like it's not going to be fixed too
soon:

https://fedorahosted.org/freeipa/ticket/5153

-- 
t
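The report carries nothing beyond the one-line description, so the following is an added illustration of the class of check at issue, not FreeIPA's code: a narrow ASCII-control filter beside a Unicode-category filter, and an entry-level validator that applies the stricter filter to every string-valued attribute (single- and multi-valued) so that no attribute path is exempt. The attribute names, the entry layout and the sample values are constructed for the example.

```python
"""Non-printable character validation for user-supplied attributes.

Added example, not FreeIPA code. Attribute names (uid, sn, mail, ...)
and the dict-based entry layout are assumptions made for illustration.
"""
from __future__ import annotations

import unicodedata

# Unicode general categories never acceptable in an identity attribute:
# Cc control, Cf format (e.g. zero-width space), Cs surrogate, Co private
# use, Cn unassigned, and the Zl/Zp line/paragraph separators.
# Ordinary space (Zs) stays allowed, as do accented letters (L*).
_REJECTED_CATEGORIES = {"Cc", "Cf", "Cs", "Co", "Cn", "Zl", "Zp"}


def find_nonprintable(value: str) -> list[tuple[int, str, str]]:
    """Return (index, 'U+XXXX', category) for every rejected code point."""
    return [
        (i, f"U+{ord(ch):04X}", unicodedata.category(ch))
        for i, ch in enumerate(value)
        if unicodedata.category(ch) in _REJECTED_CATEGORIES
    ]


def ascii_only_check(value: str) -> bool:
    """Narrow check: rejects only ASCII C0 controls and DEL.

    It passes C1 controls, zero-width characters and Unicode separators,
    which is why a category-based check is preferable.
    """
    return not any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value)


def is_printable(value: str) -> bool:
    """Category-based check: True when no rejected code point is present."""
    return not find_nonprintable(value)


def validate_entry(entry: dict) -> dict[str, list[tuple[int, str, str]]]:
    """Apply find_nonprintable() to every string value in the entry.

    Multi-valued attributes (lists) are walked element by element; values
    that are not strings are skipped. Returns {attribute: [problems]} for
    the attributes that fail, so an empty dict means the entry is clean.
    """
    problems: dict[str, list[tuple[int, str, str]]] = {}
    for attr, values in entry.items():
        if isinstance(values, str):
            values = [values]
        if not isinstance(values, (list, tuple)):
            continue
        for v in values:
            if isinstance(v, str):
                found = find_nonprintable(v)
                if found:
                    problems.setdefault(attr, []).extend(found)
    return problems


# Constructed sample entry (not taken from the bug report).
SAMPLE_ENTRY = {
    "uid": "alice",
    "givenname": "Alice",
    "sn": "Example\x1b[2J",                                    # ESC + clear-screen
    "displayname": "Ali\u200bce",                              # zero-width space (Cf)
    "mail": ["alice@example.test", "alice\x00@example.test"],  # NUL in 2nd value
    "cn": "Zoë Ångström",                                      # accented letters are fine
    "uidnumber": 1001,                                         # non-string, skipped
}

if __name__ == "__main__":
    for attr, found in validate_entry(SAMPLE_ENTRY).items():
        print(f"{attr}: {found}")
```

Running the module prints the three failing attributes (sn, displayname, mail) with the offending code points; `ascii_only_check` accepts the zero-width-space value that `is_printable` rejects, which is the gap between "checked somewhere" and "checked for every attribute with a complete definition of non-printable".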



Set Bug forwarded-to-address to 'https://fedorahosted.org/freeipa/ticket/5153'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 24 Sep 2015 15:15:08 GMT)


Reply sent to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. (Sun, 28 Aug 2016 23:15:28 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 28 Aug 2016 23:15:28 GMT)


Message #17 received at 795399-done@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 770495-done@bugs.debian.org,781607-done@bugs.debian.org,786411-done@bugs.debian.org,787593-done@bugs.debian.org,795399-done@bugs.debian.org,809271-done@bugs.debian.org,828303-done@bugs.debian.org,829044-done@bugs.debian.org,832334-done@bugs.debian.org,835131-done@bugs.debian.org,
Cc: freeipa@packages.debian.org, freeipa@packages.qa.debian.org
Subject: Bug#835163: Removed package(s) from unstable
Date: Sun, 28 Aug 2016 23:14:49 +0000
Version: 4.0.5-6+rm

Dear submitter,

as the package freeipa has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/835163

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Chris Lamb (the ftpmaster behind the curtain)



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 26 Sep 2016 07:37:59 GMT)


Bug unarchived. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 05 Oct 2016 19:30:07 GMT)


Bug reopened. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 05 Oct 2016 19:30:08 GMT)


No longer marked as fixed in versions 4.0.5-6+rm. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 05 Oct 2016 19:30:08 GMT)


Unset Bug forwarded-to-address. Request was from Sandro Tosi <morph@debian.org> to control@bugs.debian.org. (Wed, 13 Jun 2018 22:27:05 GMT)


Set Bug forwarded-to-address to 'https://fedorahosted.org/freeipa/ticket/5153'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 28 Sep 2018 20:03:05 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:08:45 2019; Machine Name: beach
