Bug 21112

Summary: perl-rt-authen-externalauth security vulnerability CVE-2017-5361
Product: Mageia Reporter: Zombie Ryushu <zombie_ryushu>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED INVALID QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://www.debian.org/security/2017/dsa-3883
Whiteboard:
Source RPM: perl-rt-authen-externalauth CVE: CVE-2017-5361
Status comment:

Description Zombie Ryushu 2017-06-19 10:47:32 CEST 
It was discovered that RT::Authen::ExternalAuth, an external authentication module for Request Tracker, is vulnerable to timing side-channel attacks for user passwords. Only ExternalAuth in DBI (database) mode is vulnerable.
Zombie Ryushu 2017-06-19 10:48:43 CEST

CVE: (none) => CVE-2017-5361

Comment 1 David Walser 2017-06-19 11:51:46 CEST 
We don't have this package.

Status: NEW => RESOLVED
Resolution: (none) => INVALID