-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3883-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 15, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : rt-authen-externalauth CVE ID : CVE-2017-5361 It was discovered that RT::Authen::ExternalAuth, an external authentication module for Request Tracker, is vulnerable to timing side-channel attacks for user passwords. Only ExternalAuth in DBI (database) mode is vulnerable. For the stable distribution (jessie), this problem has been fixed in version 0.25-1+deb8u1. We recommend that you upgrade your rt-authen-externalauth packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAllC2qdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SsOg//dmVtGlck+r2bWu+knFJgpfZEzfsUGQplU/6V7wNs0/ezY8d9+v1Ko2H6 ltqLLABZ6DqwavWjyq35tfSbgCekjzg5wXRtABn/ZCkdfb7uWqgelz+VXjUJmmV0 IyykLFa375rP0v5hoUpd7fTuWbtOuHZEPXYhV7ZGQ9LJCmiW85J6NRnIPhjXQKxO wm09vBDHlE6BKwOEp30Owfbg/ieOzH/LaEz3xIDoZEIDQP0Hr6GhY/sbH6OxbhLa /2Z4yP36KZuOWWNQ4VDQs5ofdN2zCk/dhxhhs+tlzKUaoaeA+1LptFGFHJiEhOHo af8xZ+ACYITZsfJdzzcZxUX44PKGsptvTPTw8oz0hO/wpWw9rH6BrMznjferrAhY 89XNB6hcbo3YiEjsoSvYNDuYuVeTmbhNh71dfKl6EV6q5DesDKf8E2BDUDB1WTky MqO9YxkxcG9F50jNnSYKoN8xnumr1LfoSUaKJpFq8JmmWpkh35Umo8a/bKHkrP4j 7E7fzjihlIGnk0x62veYJO7opodzwzpZAyGiwwFH/+f/9jxdaTb8T/Sa8vBYOo0T esjcJQTtKJrN1uzQDnzNwVpLUIvSKIpKTu/4+oX9NXEkMY36t5cw0YyvQPVMkBDB n/irHszGyNZu5uBmU6dnMUfRQQGaflB0pR9mCaV8YfiHVuAeA8k= =joGp -----END PGP SIGNATURE-----