Source: freeipa Version: 4.0.4-2 Severity: grave Tags: security upstream patch
Hi, the following vulnerability was published for freeipa. CVE-2014-7828[0]: password not required when OTP in use See [1] for details and upstream ticket[2]. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2014-7828 [1] https://www.redhat.com/archives/freeipa-devel/2014-November/msg00068.html [2] https://fedorahosted.org/freeipa/ticket/4690 Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
