Re: krb5 security vulnerabilities

To: Brian May <bam@debian.org>
Cc: Debian LTS <debian-lts@lists.debian.org>
Subject: Re: krb5 security vulnerabilities
From: Ola Lundqvist <ola@inguza.com>
Date: Thu, 8 Feb 2018 19:35:13 +0100
Message-id: <[🔎] CABY6=0=dSBHbRzw-EocOnW9_bbrzR9zGzY_kGcQiFMu-rvp=HA@mail.gmail.com>
In-reply-to: <[🔎] 87eflwv5l3.fsf@prune.linuxpenguins.xyz>
References: <[🔎] 87eflwv5l3.fsf@prune.linuxpenguins.xyz>

Hi Brian

Do you think we can be considered as "product owner"? Maybe we can try
to request access anyway.

Best regards

// Ola

On 7 February 2018 at 22:43, Brian May <bam@debian.org> wrote:
> CVE-2018-5709 points to
> https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
>
> CVE-2018-5710 points to
> https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service(DoS)
>
> Both these pages have the same text: "We have removed all confidential
> data for security concern.  Government organisation or product owner can
> request for the data regarding the vulnerabilities."
>
> Ok, I don't think there is anything we can do about it is this case...
> --
> Brian May <bam@debian.org>
>



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------

Reply to:

Follow-Ups:
- Re: krb5 security vulnerabilities
  - From: Moritz Mühlenhoff <jmm@inutil.org>

References:
- krb5 security vulnerabilities
  - From: Brian May <bam@debian.org>

Prev by Date: Better communication about spectre/meltdown
Next by Date: Re: python-crypto / pycryptodome / CVE-2018-6594
Previous by thread: krb5 security vulnerabilities
Next by thread: Re: krb5 security vulnerabilities
Index(es):
- Date
- Thread