There are 3 open security issues in buster.
3 issues left for the package maintainer to handle:
- CVE-2019-18601 (needs triaging):
  OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler.
- CVE-2019-18602 (needs triaging):
  OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer.
- CVE-2019-18603 (needs triaging):
  OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.
You can find information about how to handle these issues in the security team's documentation.