[Secure-testing-team] Bug#842121: 389-ds-base: CVE-2016-5405: Password verification vulnerable to timing attack
Salvatore Bonaccorso
carnil at debian.org
Wed Oct 26 04:31:11 UTC 2016
Source: 389-ds-base
Version: 1.3.5.13-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for 389-ds-base. The
information though is very scarce, can you try to find more out about
upstream report and/or fix?
CVE-2016-5405[0]:
Password verification vulnerable to timing attack
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-5405
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1358865
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list