CVE-2014-0249: The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.
CVE-2015-5292: Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.
Please fix it.
Last update: 2017-11-03
Standards version of the package is outdated.
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.1.1 instead of