
Accepted krb5 1.4.4-7etch1 (source i386 all)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 11 Mar 2007 19:08:52 -0400
Source: krb5
Binary: krb5-doc libkrb5-dev krb5-rsh-server krb5-user krb5-ftpd libkadm55 libkrb53 krb5-clients krb5-telnetd krb5-kdc krb5-admin-server libkrb5-dbg
Architecture: source i386 all
Version: 1.4.4-7etch1
Distribution: testing-security
Urgency: emergency
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Sam Hartman <hartmans@debian.org>
Description: 
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-clients - Secure replacements for ftp, telnet and rsh using MIT Kerberos
 krb5-doc   - Documentation for MIT Kerberos
 krb5-ftpd  - Secure FTP server supporting MIT Kerberos
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-rsh-server - Secure replacements for rshd and rlogind using MIT Kerberos
 krb5-telnetd - Secure telnet server supporting MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libkadm55  - MIT Kerberos administration runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb53   - MIT Kerberos runtime libraries
Closes: 414382
Changes: 
 krb5 (1.4.4-7etch1) testing-security; urgency=emergency
 .
   * MIT-SA-2007-1: telnet allows  login as an arbitrary user when
     presented with a specially crafted username; CVE-2007-0956
   * krb5_klog_syslog has a trivial buffer overflow that can be exploited
     by network data; CVE-2007-0957.  The upstream patch is very intrusive
     because it fixes each call to syslog to have proper length checking as
     well as the actual krb5_klog_syslog internals to use vsnprintf rather
     than vsprintf.  I have chosen to only include the change to
     krb5_klog_syslog for sarge.  This is sufficient to fix the problem but
     is much smaller and less intrusive.   (MIT-SA-2007-2)
   * MIT-SA-2007-3: The GSS-API library can cause a double free if
     applications treat certain errors decoding a message as errors that
     require freeing the output buffer.  At least the gssapi rpc library
     does this, so kadmind is vulnerable.    Fix the gssapi library because
     the spec allows applications to treat errors this way.  CVE-2007-1216
   * New Japanese translation, thanks TANAKA Atushi, Closes: #414382
Files: 
 3c812c5bbd93a01103c67c50a15646be 876 net standard krb5_1.4.4-7etch1.dsc
 a675e5953bb8a29b5c6eb6f4ab0bb32a 11017910 net standard krb5_1.4.4.orig.tar.gz
 993d66c078ac0a5f6e29155c6973ee0a 1585246 net standard krb5_1.4.4-7etch1.diff.gz
 4b98ff8f04581e869209f96768c26ef5 1811728 doc optional krb5-doc_1.4.4-7etch1_all.deb
 a2f67bd332d2bc90732536606fb5af89 173608 libs optional libkadm55_1.4.4-7etch1_i386.deb
 6173bc1bb4e1ca40b911036ec34488c3 407958 libs standard libkrb53_1.4.4-7etch1_i386.deb
 2c0f795975289fdfc4254852ac5fe1c5 123794 net optional krb5-user_1.4.4-7etch1_i386.deb
 40cc5fc641d24fb1cb54d3aba24e51b0 196088 net optional krb5-clients_1.4.4-7etch1_i386.deb
 5bda94c68e5368047ed93665c734ec80 79888 net optional krb5-rsh-server_1.4.4-7etch1_i386.deb
 20aabab63e0976d38f0a72e9fa1f42d2 57822 net extra krb5-ftpd_1.4.4-7etch1_i386.deb
 17c4607112e571b22f95aa174502998c 62008 net extra krb5-telnetd_1.4.4-7etch1_i386.deb
 cef966062845545c71f5a6f84e6fdfc4 132828 net optional krb5-kdc_1.4.4-7etch1_i386.deb
 076140c9d3df111148f259a0c1aa2d34 78004 net optional krb5-admin-server_1.4.4-7etch1_i386.deb
 24d0bb8fea2a924b395126204448ea34 679676 libdevel extra libkrb5-dev_1.4.4-7etch1_i386.deb
 35fc79a9574582d3dc70e2e582300fce 1037458 libdevel extra libkrb5-dbg_1.4.4-7etch1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF/4wy/I12czyGJg8RAr9PAJ9qupHKwukUlwj5O/Js+e0e+bcaYgCgmvOA
oAnoTDkaJk9FViLqkuP/Y2c=
=Bsf2
-----END PGP SIGNATURE-----


Accepted:
krb5-admin-server_1.4.4-7etch1_i386.deb
  to pool/main/k/krb5/krb5-admin-server_1.4.4-7etch1_i386.deb
krb5-clients_1.4.4-7etch1_i386.deb
  to pool/main/k/krb5/krb5-clients_1.4.4-7etch1_i386.deb
krb5-doc_1.4.4-7etch1_all.deb
  to pool/main/k/krb5/krb5-doc_1.4.4-7etch1_all.deb
krb5-ftpd_1.4.4-7etch1_i386.deb
  to pool/main/k/krb5/krb5-ftpd_1.4.4-7etch1_i386.deb
krb5-kdc_1.4.4-7etch1_i386.deb
  to pool/main/k/krb5/krb5-kdc_1.4.4-7etch1_i386.deb
krb5-rsh-server_1.4.4-7etch1_i386.deb
  to pool/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_i386.deb
krb5-telnetd_1.4.4-7etch1_i386.deb
  to pool/main/k/krb5/krb5-telnetd_1.4.4-7etch1_i386.deb
krb5-user_1.4.4-7etch1_i386.deb
  to pool/main/k/krb5/krb5-user_1.4.4-7etch1_i386.deb
krb5_1.4.4-7etch1.diff.gz
  to pool/main/k/krb5/krb5_1.4.4-7etch1.diff.gz
krb5_1.4.4-7etch1.dsc
  to pool/main/k/krb5/krb5_1.4.4-7etch1.dsc
libkadm55_1.4.4-7etch1_i386.deb
  to pool/main/k/krb5/libkadm55_1.4.4-7etch1_i386.deb
libkrb5-dbg_1.4.4-7etch1_i386.deb
  to pool/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_i386.deb
libkrb5-dev_1.4.4-7etch1_i386.deb
  to pool/main/k/krb5/libkrb5-dev_1.4.4-7etch1_i386.deb
libkrb53_1.4.4-7etch1_i386.deb
  to pool/main/k/krb5/libkrb53_1.4.4-7etch1_i386.deb
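
The vsprintf-to-vsnprintf change described in the CVE-2007-0957 changelog entry, shown as an added example; this is not code from krb5 or from the Debian patch. The names `klog_format`, `LOG_BUF_SIZE` and `demo_oversized_input`, and the sample input, are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 64 /* assumed; kept small so truncation is easy to see */

/* Hypothetical bounded log formatter (not krb5_klog_syslog itself).
 * Returns the number of bytes stored, excluding the NUL, and sets
 * *truncated when the formatted text did not fit in out[cap]. */
int klog_format(char *out, size_t cap, int *truncated, const char *fmt, ...)
{
    va_list ap;
    int n;

    *truncated = 0;
    if (cap == 0) { *truncated = 1; return 0; }
    va_start(ap, fmt);
    /* vsprintf(out, fmt, ap) would write past out[] on long input;
     * vsnprintf never stores more than cap bytes, NUL included. */
    n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    if (n < 0) { out[0] = '\0'; return 0; }          /* format error */
    if ((size_t)n >= cap) { *truncated = 1; return (int)(cap - 1); }
    return n;
}

struct guarded { char buf[LOG_BUF_SIZE]; unsigned char canary[8]; };

/* Constructed input: a 199-byte name standing in for oversized network
 * data. Returns 1 if the message was truncated to the buffer and the
 * bytes after it are untouched, -1 if they were overwritten. */
int demo_oversized_input(void)
{
    struct guarded g;
    char name[200];
    int truncated, n;
    size_t i;

    memset(g.canary, 0xA5, sizeof g.canary);
    memset(name, 'A', sizeof name - 1);
    name[sizeof name - 1] = '\0';
    n = klog_format(g.buf, sizeof g.buf, &truncated, "bad principal %s", name);
    for (i = 0; i < sizeof g.canary; i++)
        if (g.canary[i] != 0xA5) return -1;
    return truncated && n == LOG_BUF_SIZE - 1 && strlen(g.buf) == (size_t)n;
}

int main(void) { printf("safe: %d\n", demo_oversized_input()); return 0; }
```

Checking the return value against the buffer size is what distinguishes a truncated log line from a complete one; the write itself is bounded either way.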


