Accepted krb5 1.12.1+dfsg-19+deb8u1 (all source) into proposed-updates->stable-new, proposed-updates
Format: 1.8
Date: Wed, 04 Nov 2015 22:05:10 -0500
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-otp krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit9 libkadm5clnt-mit9 libk5crypto3 libkdb5-7 libkrb5support0 libkrad0 krb5-gss-samples krb5-locales libkrad-dev
Architecture: all source
Version: 1.12.1+dfsg-19+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Benjamin Kaduk <kaduk@mit.edu>
Closes: 803083 803084 803088
Description:
krb5-admin-server - MIT Kerberos master server (kadmind)
krb5-doc - Documentation for MIT Kerberos
krb5-gss-samples - MIT Kerberos GSS Sample applications
krb5-kdc - MIT Kerberos key server (KDC)
krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
krb5-locales - Internationalization support for MIT Kerberos
krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
krb5-otp - OTP plugin for MIT Kerberos
krb5-pkinit - PKINIT plugin for MIT Kerberos
krb5-user - Basic programs to authenticate using MIT Kerberos
libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
libkadm5clnt-mit9 - MIT Kerberos runtime libraries - Administration Clients
libkadm5srv-mit9 - MIT Kerberos runtime libraries - KDC and Admin Server
libkdb5-7 - MIT Kerberos runtime libraries - Kerberos database
libkrad-dev - MIT Kerberos RADIUS Library Development
libkrad0 - MIT Kerberos runtime libraries - RADIUS library
libkrb5-3 - MIT Kerberos runtime libraries
libkrb5-dbg - Debugging files for MIT Kerberos
libkrb5-dev - Headers and development libraries for MIT Kerberos
libkrb5support0 - MIT Kerberos runtime libraries - Support library
Changes:
krb5 (1.12.1+dfsg-19+deb8u1) jessie-security; urgency=high
.
  * Import upstream patches for four CVEs:
    - CVE-2015-2695: SPNEGO context aliasing during establishment,
      Closes: #803083
    - CVE-2015-2696: IAKERB context aliasing during establishment,
      Closes: #803084
    - CVE-2015-2697: unsafe string handling in TGS processing,
      Closes: #803088
    - CVE-2015-2698: regression (memory corruption) in patch for CVE-2015-2696
  * In addition to CVE-2015-2698, the upstream patches for CVE-2015-2695
    and CVE-2015-2696 introduced regressions preventing the use of
    gss_import_sec_context() with contexts established using IAKERB
    or SPNEGO; the fixes for those regressions are included here.
Checksums-Sha1:
61673ddbd11c4616de0086869a5f0dd6377461d2 3368 krb5_1.12.1+dfsg-19+deb8u1.dsc
d211e7d605bd992d33b7cbca1da14d68f0770258 11792370 krb5_1.12.1+dfsg.orig.tar.gz
5e694b245486d6c7faaada4fe8758acfbaec6e7e 120776 krb5_1.12.1+dfsg-19+deb8u1.debian.tar.xz
4f00835bb76ac5092b64b718d057db9653aa8871 4684170 krb5-doc_1.12.1+dfsg-19+deb8u1_all.deb
2d06bfb0303a2d74319cf4cf34c780b33e34ee20 2648402 krb5-locales_1.12.1+dfsg-19+deb8u1_all.deb
Checksums-Sha256:
51e6242849ef2a909a56224ad08365db093a08936317dc6d8dfcb3edf67e1a8e 3368 krb5_1.12.1+dfsg-19+deb8u1.dsc
eb29959f1e9f8d71e7401f5809daefae067296eb5b0da1176366280a16bdd784 11792370 krb5_1.12.1+dfsg.orig.tar.gz
0e61a1ba59d3f25a0a40022fd8a316c917e3c4ca9bb7b604646e949fd91d592f 120776 krb5_1.12.1+dfsg-19+deb8u1.debian.tar.xz
0e8d9bf109acb5329a1a9cf1ecb5f3e9413121a8a00d3ed435b4f84486bd7d4e 4684170 krb5-doc_1.12.1+dfsg-19+deb8u1_all.deb
2b43298b682f351421e7e12f259485a3adc4370a72a2d0cbd833915feb5052ee 2648402 krb5-locales_1.12.1+dfsg-19+deb8u1_all.deb
Files:
e3c9d6b37935ac04cf33f08bf4aaea5e 3368 net standard krb5_1.12.1+dfsg-19+deb8u1.dsc
dd0367010b3d2385d9f23db25457a0bf 11792370 net standard krb5_1.12.1+dfsg.orig.tar.gz
d1f9a984af597b08307f41b160a73367 120776 net standard krb5_1.12.1+dfsg-19+deb8u1.debian.tar.xz
895c89bc1fc94f1917aeab6027280618 4684170 doc optional krb5-doc_1.12.1+dfsg-19+deb8u1_all.deb
233a91de57e2e2ea4e68c17968082766 2648402 localization standard krb5-locales_1.12.1+dfsg-19+deb8u1_all.deb