Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e3fa6d2a by Salvatore Bonaccorso at 2025-05-08T21:12:08+02:00
Reference used commits for isolated fixes to address CVE-2025-3576
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8102,6 +8102,8 @@ CVE-2025-3576 (A vulnerability in the MIT Kerberos
implementation allows GSSAPI-
NOTE: Since upstream 1.21 (cf. https://web.mit.edu/kerberos/krb5-1.21/)
the KDC
NOTE: will no longer issue tickets with RC4 or triple-DES session keys
unless
NOTE: explicitly configured with the new allow_rc4 or allow_des3
variables respectively.
+ NOTE:
https://github.com/krb5/krb5/commit/1b57a4d134bbd0e7c52d5885a92eccc815726463
+ NOTE:
https://github.com/krb5/krb5/commit/2cbd847e0e92bc4e219b65c770ae33f851b22afc
CVE-2025-3573 (Versions of the package jquery-validation before 1.20.0 are
vulnerable ...)
- civicrm <unfixed> (bug #1103445)
[bullseye] - civicrm <postponed> (Minor Issue; XSS)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3fa6d2a73e8bdb58dbf7f5826946b15e6606ef2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3fa6d2a73e8bdb58dbf7f5826946b15e6606ef2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
