Debian Bug report logs -
#795399
freeipa: CVE-2015-5179: non-printable characters aren't check in every case of user data
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>
:
Bug#795399
; Package src:freeipa
.
(Thu, 13 Aug 2015 17:36:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>
.
(Thu, 13 Aug 2015 17:36:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: freeipa
Version: 4.0.5-5
Severity: important
Tags: security upstream
Hi Timo,
the following vulnerability was published for freeipa. I cannot easily
test it for older version 4.0.5, could you confirm that?
CVE-2015-5179[0]:
non-printable characters aren't check in every case of user data
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-5179
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1252567
Regards,
Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>
:
Bug#795399
; Package src:freeipa
.
(Thu, 24 Sep 2015 15:09:12 GMT) (full text, mbox, link).
Acknowledgement sent
to Timo Aaltonen <tjaalton@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>
.
(Thu, 24 Sep 2015 15:09:12 GMT) (full text, mbox, link).
Message #10 received at 795399@bugs.debian.org (full text, mbox, reply):
On 13.08.2015 20:33, Salvatore Bonaccorso wrote:
> Source: freeipa
> Version: 4.0.5-5
> Severity: important
> Tags: security upstream
>
> Hi Timo,
>
> the following vulnerability was published for freeipa. I cannot easily
> test it for older version 4.0.5, could you confirm that?
>
> CVE-2015-5179[0]:
> non-printable characters aren't check in every case of user data
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2015-5179
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1252567
all versions are affected, but seems like it's not going to be fixed too
soon:
https://fedorahosted.org/freeipa/ticket/5153
--
t
Reply sent
to Debian FTP Masters <ftpmaster@ftp-master.debian.org>
:
You have taken responsibility.
(Sun, 28 Aug 2016 23:15:28 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Sun, 28 Aug 2016 23:15:28 GMT) (full text, mbox, link).
Message #17 received at 795399-done@bugs.debian.org (full text, mbox, reply):
Version: 4.0.5-6+rm
Dear submitter,
as the package freeipa has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/835163
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.
Debian distribution maintenance software
pp.
Chris Lamb (the ftpmaster behind the curtain)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Mon, 26 Sep 2016 07:37:59 GMT) (full text, mbox, link).
Bug unarchived.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Wed, 05 Oct 2016 19:30:07 GMT) (full text, mbox, link).
Bug reopened
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Wed, 05 Oct 2016 19:30:08 GMT) (full text, mbox, link).
No longer marked as fixed in versions 4.0.5-6+rm.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Wed, 05 Oct 2016 19:30:08 GMT) (full text, mbox, link).
Unset Bug forwarded-to-address
Request was from Sandro Tosi <morph@debian.org>
to control@bugs.debian.org
.
(Wed, 13 Jun 2018 22:27:05 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:08:45 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.