[Calendarserver-maintainers] Bug#796195: CVE-2015-3206

Moritz Muehlenhoff jmm at debian.org
Thu Aug 20 09:15:01 UTC 2015


Source: pykerberos
Severity: important
Tags: security

CVE-2015-3206 was assigned to the fact that pykerberos doesn't
validate the authenticity of the KDC in checkPassword(). Fix
is here:
https://github.com/02strich/pykerberos/commit/02d13860b25fab58e739f0e000bed0067b7c6f9c.patch

For unstable we should probably enable it by default and keep
the status quo for earlier releases.

Cheers,
        Moritz



More information about the Calendarserver-maintainers mailing list