
[SRM] krb5 changelog missing CVE



Hi.
Florian Weimer noticed that the krb5 changelog in squeeze was missing a
CVE that was fixed in the patch applied.
He proposes to make a new upload that corrects the changelog so that
people who track security issues from the changelog will find the fix:

I have updated the changelog to this:

| krb5 (1.8.3+dfsg-4squeeze5) squeeze-security; urgency=high
| 
|   *     CVE-2011-1529: null pointer dereference in KDC LDAP back end,
|     Closes: #629558
|   *     CVE-2011-1528: assertion failure in multiple KDC back ends
|     regarding account lockout
| 
|  -- Sam Hartman <hartmans@debian.org>  Wed, 19 Oct 2011 11:55:43 -0400

(squeeze3 and squeeze4 were internal versions while he was trying to get
the text right)

Would it make sense to upload this?

