[Bug 274159] security/krb5: 1.20 is not vulnerable to CVE-2023-39975

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 29 Sep 2023 18:00:33 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274159

            Bug ID: 274159
           Summary: security/krb5: 1.20 is not vulnerable to
                    CVE-2023-39975
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: cy@FreeBSD.org
          Reporter: wollman@FreeBSD.org
             Flags: maintainer-feedback?(cy@FreeBSD.org)
          Assignee: cy@FreeBSD.org

`pkg audit` erroneously reports krb5-1.20.2 as vulnerable to CVE-2023-39975 but
this applies only to 1.21 and higher.

Fix: adjust VuXML entry a6986f0f-3ac0-11ee-9a88-206a8a720317 to exclude krb5 <
1.21.

-- 
You are receiving this mail because:
You are the assignee for the bug.