[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [OATH-Toolkit-help] libpam-oath vulnerable to replay of OTP as resul
|
From: |
Salvatore Bonaccorso |
|
Subject: |
Re: [OATH-Toolkit-help] libpam-oath vulnerable to replay of OTP as result of incorrectly parsing comments in users file? |
|
Date: |
Wed, 12 Feb 2014 14:56:08 +0100 |
|
User-agent: |
Mutt/1.5.21 (2010-09-15) |
Hi Simon,
On Wed, Feb 12, 2014 at 02:32:47PM +0100, Simon Josefsson wrote:
> I have reviewed the patch and added a regression test now, thanks Bas
> and Ilkka for information. Florian, did you get a CVE number yet? If I
> get the number, I'll mention it in the NEWS file for the upcoming v2.4.1
> bugfix release.
>
> Current fix is in git:
> http://git.savannah.gnu.org/cgit/oath-toolkit.git/commit/?h=oath-toolkit-2-4-x&id=a31a1eef2dac134d397f3351206206c4b2bb5bfa
Yes there is one:
See https://security-tracker.debian.org/tracker/CVE-2013-7322 and
http://bugs.debian.org/738515.
Regards,
Salvatore