[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of krb5?

Hi Ben,
On Mon, Jul 24, 2017 at 03:17:27PM -0500, Benjamin Kaduk wrote:
> On Sat, Jul 22, 2017 at 06:47:25PM +0200, Guido Günther wrote:
> > Dear maintainer(s),
> > 
> > The Debian LTS team would like to fix the security issues which are
> > currently open in the Wheezy version of krb5:
> > https://security-tracker.debian.org/tracker/CVE-2017-11368
> You may be interested to note the commentary on #869260 that questions
> whether a DSA is needed for this bug, as it is just a potential NULL
> dereference, and we've had a few of those that did not merit DSAs.

Thanks for the update. We don't have stable point releases where we
could aggregate minor issues for wheezy atm. So I think we should issue
a DLA.
 -- Guido

Reply to: