Your message dated Fri, 02 Dec 2016 23:19:12 +0000
with message-id <[email protected]>
and subject line Bug#835131: fixed in freeipa 4.3.2-5
has caused the Debian Bug report #835131,
regarding freeipa: CVE-2016-5404: Insufficient privileges check in certificate
revocation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
835131: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835131
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: freeipa
Version: 4.0.5-6
Severity: grave
Tags: security upstream
Forwarded: https://fedorahosted.org/freeipa/ticket/6232
*** /tmp/freeipa.reportbug
Package: freeipa
Severity: FILLINSEVERITY
Tags: security
Hi,
the following vulnerability was published for freeipa.
CVE-2016-5404[0]:
insufficient permission check
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-5404
[1] https://fedorahosted.org/freeipa/ticket/6232
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: freeipa
Source-Version: 4.3.2-5
We believe that the bug you reported is fixed in the latest version of
freeipa, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Timo Aaltonen <[email protected]> (supplier of updated freeipa package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 03 Dec 2016 01:02:40 +0200
Source: freeipa
Binary: freeipa-server freeipa-server-dns freeipa-server-trust-ad
freeipa-common freeipa-client freeipa-admintools freeipa-tests python-ipaclient
python-ipalib python-ipaserver python-ipatests
Architecture: source
Version: 4.3.2-5
Distribution: unstable
Urgency: medium
Maintainer: Debian FreeIPA Team <[email protected]>
Changed-By: Timo Aaltonen <[email protected]>
Description:
freeipa-admintools - FreeIPA centralized identity framework -- admintools
freeipa-client - FreeIPA centralized identity framework -- client
freeipa-common - FreeIPA centralized identity framework -- common files
freeipa-server - FreeIPA centralized identity framework -- server
freeipa-server-dns - FreeIPA centralized identity framework -- IPA DNS
integration
freeipa-server-trust-ad - FreeIPA centralized identity framework -- AD trust
installer
freeipa-tests - FreeIPA centralized identity framework -- tests
python-ipaclient - FreeIPA centralized identity framework -- Python modules
for ipac
python-ipalib - FreeIPA centralized identity framework -- shared Python modules
python-ipaserver - FreeIPA centralized identity framework -- Python modules
for serv
python-ipatests - FreeIPA centralized identity framework -- Python modules for
test
Closes: 835131 844114
Changes:
freeipa (4.3.2-5) unstable; urgency=medium
.
* fix-cve-2016-5404.diff: Fix permission check bypass (Closes: #835131)
- CVE-2016-5404
* ipa-kdb-support-dal-version-5-and-6.diff: Support mit-krb5 1.15.
(Closes: #844114)
Checksums-Sha1:
a96f1ab18c2f2f23bb5adc667615e1b935443968 3439 freeipa_4.3.2-5.dsc
26e8f1d4a63f294ca266c9ed4f788f56c1821dea 335520 freeipa_4.3.2-5.debian.tar.xz
Checksums-Sha256:
0673eb77786832ff570fdadf40a148ab60938a0e7e7562b2266b47999e215b6e 3439
freeipa_4.3.2-5.dsc
42a52d3e73409b33a7d108178d547b9197da35e37ad3699e7ac0b87e5053d2a1 335520
freeipa_4.3.2-5.debian.tar.xz
Files:
d74af2f907f06dfc4a6ca96ffa97be54 3439 net extra freeipa_4.3.2-5.dsc
ac74932eb83db6ee1ac83ad8c1c8631d 335520 net extra freeipa_4.3.2-5.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJYQf3XAAoJEMtwMWWoiYTcqoMP/RIbgHAXyxwq/iOWssvPgDS4
ZTcs/mUBV73toZmlvOoc0LHzUZHRM3kRCnyuKmAYt645z4NzFvxUH+/gynSBk81n
b+Bs7cd+KbnRgKR+e4la1rdLYK5dieTFBOEzDF3bSH2hfvB8BFl3uX/cZsS9QP+K
esdwy5iS0FlCjY4FHIwHEEJeEhAmUKQJeUnhOoI0X8c68B9rdCFXj6adJzfINEo0
jC43pfawK+Hm5pL+5MNuOmpnnYHMlR69CQQSOQlDS9X7lkKXZSSye7T5qLKStdTa
20KDwoxphDkn/wdZnxt0cCs99TnuF0/m/yzyxyXCV7bc1nukkhj8VFCvReDTVGO0
GMXEObtAqLvFaitwPHUxb6A11Yp9XRerOW5CPkH0/DLkOHoHksVaHH24/0GBVuza
P9tYTf3VPRxR3qcPy7HOcudF0HMteA1W3zEtaEWBcrYykKh1ziVkL7S7umMJM/XX
x2HiVDMLEWmWZQ6KDTMIUzfs7NTrBP31z/nrcxcGAHceSUrOJ3XuaZvmZ3JNJt1I
vJsGbKdBR7gAnd+io0WQsCb35i9Qiyo/xY/fS4ifDQeB6J2EV0Dne+RSFqINl4ih
bFrf4yWUttzxkUd+5kLFbIdb3VeHLUSnjMD4PytXQMqPln+k4+fe+9n0hzIkdkL+
ZvsmfBxFHWN81IIvMvSL
=nMeT
-----END PGP SIGNATURE-----
--- End Message ---
