Re: [SRM] update request for krb5 for significant interop and security issues
- To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Cc: debian-release@lists.debian.org
- Subject: Re: [SRM] update request for krb5 for significant interop and security issues
- From: Sam Hartman <hartmans@debian.org>
- Date: Thu, 02 Jun 2011 14:02:30 -0400
- Message-id: <tsl4o486rih.fsf@mit.edu>
- In-reply-to: <1300829383.28160.487.camel@hathi.jungle.funky-badger.org> (Adam D. Barratt's message of "Tue, 22 Mar 2011 21:29:43 +0000")
- References: <tslbp1b5a72.fsf@mit.edu> <1300829383.28160.487.camel@hathi.jungle.funky-badger.org>
>>>>> "Adam" == Adam D Barratt <adam@adam-barratt.org.uk> writes:
Adam> On Wed, 2011-03-16 at 11:58 -0400, Sam Hartman wrote:
>> I'd like permission to upload the following patch to s-p-u. I've
>> coordinated with the security team for the security issues and
>> our mutual agreement is that they should be addressed in a point
>> release.
Adam> Apologies for the slight delay in getting back to you while
Adam> we were getting the point release finalised and, well,
Adam> released.
And sorry for my time in getting back to you.
I've just uploaded to stable.
I've included one additional fix to src/kadmin/server/schpw.c
This fixes an invalid free that was crashing kadmind.
>> +krb5 (1.8.3+dfsg-4squeeze1) stable; urgency=low + + * Fix double
>> free with pkinit on KDC, CVE-2011-0284, Closes: #618517 + *
>> Updated Danish debconf translations, thanks Joe Dalton, Closes: +
>> #584282 + * KDC/LDAP DOS (CVE-2010-4022, CVE-2011-0281, and
>> CVE-2011-0282, + Closes: #613487 + * Fix delegation of
>> credentials against Windows servers; significant +
>> interoperability issue, Closes: #611906
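Review bot: the "KDC/LDAP DOS" changelog entry opens a parenthesis before CVE-2010-4022 that is never closed before "Closes: #613487"; close it after CVE-2011-0282 so the CVE list and the bug closure read as separate items. The last entry (delegation of credentials against Windows servers) also does not say which source files it changes, so naming them in the entry would let a reviewer match it to the diff without guessing.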
Adam> Based on a process of elimination, this is the changes to
Adam> lib/crypto/krb/checksum/hmac_md5.c and
Adam> lib/gssapi/krb5/init_sec_context.c ?
yes
>> +# Dansih translation krb5.
Adam> ^^^^^^
Adam> :-)
Adam> [...]
>> +"Content-Type: text/plain; charset=ISO-8859-1\n" +"Content-Type:
>> text/plain; charset=UTF-8\n"
Adam> [...]
>> -msgstr "Sætter et Kerberos-rige op" +msgstr
>> "S�¦tter et Kerberos-rige op"
Adam> The encoding here (and in a few other places) looks broken,
Adam> although I note that the equivalent sections of the file in
Adam> unstable seem okay. Is this purely a mail transmission issue,
Adam> or with the .po file itself in the proposed package?
Just mail.
Adam> Regards,
Adam> Adam