Opened 3 days ago
Closed 2 days ago
#20000 closed enhancement (fixed)
krb5-1.21.3 (mit kerberos)
| Reported by: | Bruce Dubbs | Owned by: | Bruce Dubbs |
|---|---|---|---|
| Priority: | normal | Milestone: | 12.2 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version.
Change History (4)
comment:1 by , 2 days ago
comment:2 by , 2 days ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:3 by , 2 days ago
Major changes in 1.21.3 (2024-06-26)
- Fix vulnerabilities in GSS message token handling [CVE-2024-37370, CVE-2024-37371].
- Fix a potential bad pointer free in krb5_cccol_have_contents().
- Fix a memory leak in the macOS ccache type.
CVE-2024-32370 Detail
An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component.
CVE-2024-37671 Detail
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the page parameter.
comment:4 by , 2 days ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at commits:
a9316ac749 Update to krb5-1.21.3 (Security Update). ca25155ef7 Update to xmlto-0.0.29. 341a3cf6a5 Update to btrfs-progs-v6.9.2. 6310855342 Update to kirigami-addons-1.3.0.
Note:
See TracTickets
for help on using tickets.
Annoyingly the sed for removing test 12 is still needed for a clean test result.
I've reported it as https://krbdev.mit.edu/rt/Ticket/Display.html?id=9129.