Hello Timo, On Tue, Jan 03, 2017 at 12:40:10AM +0200, Timo Aaltonen wrote: > On 02.01.2017 17:45, Salvatore Bonaccorso wrote: > > Source: freeipa > > Version: 4.3.2-5 > > Severity: grave > > Tags: upstream security > > Justification: user security hole > > > > Hi, > > > > the following vulnerability was published for freeipa. Note that I'm > > not too familiar with freeipa, so just checked source wise. The code > > should be present in ipalib/plugins/certprofile.py, and according to > > the Red Hat bug [1] all freeipa versions above 4.2 should be affected. > > it contains a patch as well. > > Yes, I'm aware of these recent cve's but can't test any updates because > tomcat 8.5 broke dogtag-pki. Will need to wait for that to get fixed > first I guess, and then push 4.4.3 out.
Great, thank you for you quick feedback! Regards, Salvatore
