testing: fail (log)
The tests ran in 0:00:52
Last run: 2019-11-17 19:35:08 UTC
Previous status: fail
Marked for autoremoval on 01 September: #966881high
Version 1.8.6-1 of openafs is marked for autoremoval from testing on Tue 01 Sep 2020. It is affected by #966881. You should try to prevent the removal by fixing these RC bugs.
Problems while searching for a new upstream version
high
uscan had problems while searching for a new upstream version:
more than one main upstream tarballs listed.
Depends on packages which need a new maintainer
normal
The packages that openafs depends on which need a new maintainer are:
CVE-2019-18601: OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler.
CVE-2019-18602: OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer.
CVE-2019-18603: OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.
CVE-2019-18601: OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler.
CVE-2019-18602: OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer.
CVE-2019-18603: OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.
![[bug history graph]](https://qa.debian.org/data/bts/graphs/o/openafs.png){kind=link}