
Please unblock krb5 1.8.3+dfsg-3 for DSA 2129

Changelog attached.
krb5 (1.8.3+dfsg-3) unstable; urgency=emergency

  * MITKRB5-SA-2010-007
      * CVE-2010-1324: An unauthenticated attacker can inject arbitrary
        content into an existing GSS connection that appears to be integrity
        protected from the legitimate peer under some circumstances
      * GSS applications may accept a PAC produced by an attacker as if it
        were signed by a KDC
      * CVE-2010-1323: attackers have a 1/256 chance of being able to
        produce krb_safe messages that appear to be from legitimate remote
        sources. Other than use in KDC database copies this may not be a
        huge issue only because no one actually uses krb_safe
        messages. Similarly, an attacker can force clients to display
        challenge/response values of the attacker's choice.
      * CVE-2010-4020: An attacker may be able to generate what is
        accepted as an ad-signedpath or ad-kdc-issued checksum with 1/256
        probability
  * New Vietnamese debconf translations, Thanks Clytie Siddall,
    Closes: #601533
  * Update standards version to 3.9.1 (no changes required)

 -- Sam Hartman <hartmans@debian.org>  Sat, 20 Nov 2010 14:50:54 -0500