Source: krb5 Version: 1.12.1+dfsg-19 Severity: important Tags: security upstream Forwarded: https://github.com/krb5/krb5/pull/694
Hi, the following vulnerability was published for krb5. CVE-2017-7562[0]: Make certauth eku module restrictive-only If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-7562 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7562 [1] https://github.com/krb5/krb5/pull/694 Please adjust the affected versions in the BTS as needed, unless completely mistaken this goes at least as well back to the version in jessie. But it's not as bad and think does not warrant a DSA, if I understand correctly. Regards, Salvatore _______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
