CVE-2016-9772: OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses.
CVE-2016-4536: The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic.
Please fix them.
Last update: 2017-09-05
Standards version of the package is outdated.
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.1.0 instead of