Re: [SRM] krb5 changelog missing CVE
* Sam Hartman:
> Florian Weimer noticed that the krb5 changelog in squeeze was missing a
> CVE that was fixed in the patch applied.
> He proposes to make a new upload that corrects the changelog so that
> people who track security issues from the changelog will find the fix:
Sorry, there seems to be a slight misunderstanding. The changelog was
indeed incorrect, but even that upload never made it to the archive.
To clarify, we would like to fix the issues described in this
From: Tom Yu <tlyu@MIT.EDU>
Subject: MITKRB5-SA-2011-006 KDC denial of service vulnerabilities [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529]
Date: Tue, 18 Oct 2011 14:06:02 -0400
(CVE-2011-1527 does not affect squeeze.)
We already have packages built for (all?) 13 architectures.