On Friday, 23 May 2025, 23:11:37 Central European Summer Time, Roberto C. Sánchez wrote:
> On Fri, May 23, 2025 at 10:42:56PM +0200, Bastien Roucaries wrote:
> > On Friday, 23 May 2025, 21:34:26 Central European Summer Time, Roberto C. Sánchez wrote:
> > > To me, that specifically requires that the krb5 maintainers be in
> > > agreement with fixing this in bookworm and then landing the fix in
> > > bookworm first (since it is already in unstable and trixie). Once
> > > that happens, then we can consider landing the fix in bullseye and
> > > older. Have you communicated with the maintainers of krb5 to know how
> > > they feel about fixing this in bookworm?
> >
> > Bookworm was fixed by PU
>
> Can you confirm this?
>
> The last upload to proposed-updates was on 2025-04-14, version
> 1.20.1-2+deb12u3, and it fixed CVE-2024-26462 and CVE-2025-24528. This
> version was included in the recent 12.11 point release, and I do not see
> a newer version anywhere that the PTS or the security tracker would be
> aware of.
>
> Additionally, the CVE is still triaged like this:
>
> [bookworm] - krb5 <no-dsa> (Minor issue)
>
> Which would also suggest that there is nothing pending in PU at the
> moment.

#1104882 go ahead I should upload

> Regards,
>
> -Roberto