Re: [SRM] update request for krb5 for significant interop and security issues

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: debian-release@lists.debian.org
Subject: Re: [SRM] update request for krb5 for significant interop and security issues
From: Sam Hartman <hartmans@debian.org>
Date: Thu, 02 Jun 2011 14:02:30 -0400
Message-id: <[🔎] tsl4o486rih.fsf@mit.edu>
In-reply-to: <1300829383.28160.487.camel@hathi.jungle.funky-badger.org> (Adam D. Barratt's message of "Tue, 22 Mar 2011 21:29:43 +0000")
References: <tslbp1b5a72.fsf@mit.edu> <1300829383.28160.487.camel@hathi.jungle.funky-badger.org>

>>>>> "Adam" == Adam D Barratt <adam@adam-barratt.org.uk> writes:

    Adam> On Wed, 2011-03-16 at 11:58 -0400, Sam Hartman wrote:
    >> I'd like permission to upload the following patch to s-p-u.  I've
    >> coordinated with the security team for the security issues and
    >> our mutual agreement is that they should be addressed in a point
    >> release.

    Adam> Apologies for the slightly delay in getting back to you while
    Adam> we were getting the point release finalised and, well,
    Adam> released.

And sorry for my time in getting back to you.

I've just uploaded to stable.

I've included one additional fix to src/kadmin/server/schpw.c
This fixes an invalid free that was crashing kadmind.

    >> +krb5 (1.8.3+dfsg-4squeeze1) stable; urgency=low + + * Fix double
    >> free with pkinit on KDC, CVE-2011-0284, Closes: #618517 + *
    >> Updated Danish debconf translations, thanks Joe Dalton, Closes: +
    >> #584282 + * KDC/LDAP DOS (CVE-2010-4022, CVE-2011-0281, and
    >> CVE-2011-0282, + Closes: #613487 + * Fix delegation of
    >> credentials against Windows servers; significant +
    >> interoperability issue, Closes: #611906

    Adam> Based on a process of elimination, this is the changes to
    Adam> lib/crypto/krb/checksum/hmac_md5.c and
    Adam> lib/gssapi/krb5/init_sec_context.c ?
yes

    >> +# Dansih translation krb5.
    Adam>      ^^^^^^

    Adam> :-)

    Adam> [...]
    >> +"Content-Type: text/plain; charset=ISO-8859-1\n" +"Content-Type:
    >> text/plain; charset=UTF-8\n"
    Adam> [...]
    >> -msgstr "SÃ¦tter et Kerberos-rige op" +msgstr
    >> "SÃ?Â¦tter et Kerberos-rige op"

    Adam> The encoding here (and in a few other places) looks broken,
    Adam> although I note that the equivalent sections of the file in
    Adam> unstable seem okay.  Is this purely a mail transmission issue,
    Adam> or with the .po file itself in the proposed package?

Just mail.

    Adam> Regards,

    Adam> Adam

Reply to:

Follow-Ups:
- Re: [SRM] update request for krb5 for significant interop and security issues
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Processed: bley: please don't hardcode Python versions
Next by Date: Bug#625792: marked as done ([britney2] Needs to be cleverer at deciding which packages to check for installability)
Previous by thread: Processed: bley: please don't hardcode Python versions
Next by thread: Re: [SRM] update request for krb5 for significant interop and security issues
Index(es):
- Date
- Thread