
Re: [SRM] update request for krb5 for significant interop and security issues



On Wed, 2011-03-16 at 11:58 -0400, Sam Hartman wrote:
> I'd like permission to upload the following patch to s-p-u.
> I've coordinated with the security team for the security issues and our
> mutual agreement is that they should be addressed in a point release.

Apologies for the slight delay in getting back to you while we were
getting the point release finalised and, well, released.

> +krb5 (1.8.3+dfsg-4squeeze1) stable; urgency=low
> +
> +  * Fix double free with pkinit on KDC, CVE-2011-0284, Closes: #618517
> +  * Updated Danish debconf translations, thanks  Joe Dalton, Closes:
> +    #584282
> +  * KDC/LDAP DOS    (CVE-2010-4022, CVE-2011-0281, and CVE-2011-0282,
> +    Closes: #613487
> +  * Fix delegation of credentials against Windows servers; significant
> +    interoperability issue, Closes: #611906
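
Review bot: in the "KDC/LDAP DOS" changelog entry, the parenthesis opened before CVE-2010-4022 is never closed before "Closes: #613487", and unlike the other entries it has no verb; suggest "Fix KDC/LDAP DoS (CVE-2010-4022, CVE-2011-0281, CVE-2011-0282), Closes: #613487". The delegation entry could also say which part of the code it touches, so that each changelog item can be matched to its section of the diff without guessing.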

Based on a process of elimination, these are the changes to
lib/crypto/krb/checksum/hmac_md5.c and
lib/gssapi/krb5/init_sec_context.c?

> +# Dansih translation krb5.
     ^^^^^^

:-)

[...]
> +"Content-Type: text/plain; charset=ISO-8859-1\n"
> +"Content-Type: text/plain; charset=UTF-8\n"
[...]
> -msgstr "Sætter et Kerberos-rige op"
> +msgstr "Sætter et Kerberos-rige op"
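
Review bot: the removed and added msgstr lines read identically as quoted here, so the intended change is not visible, and "Sæ" is how the UTF-8 encoding of "æ" renders when it is decoded as ISO-8859-1. The quoted header lines declare both charset=ISO-8859-1 and charset=UTF-8, so check that the bytes of each .po file in the proposed package match the charset its own Content-Type header declares before upload.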

The encoding here (and in a few other places) looks broken, although I
note that the equivalent sections of the file in unstable seem okay.  Is
this purely a mail transmission issue, or with the .po file itself in
the proposed package?

Regards,

Adam

