Re: [SRM] krb5 changelog missing CVE

To: Sam Hartman <hartmans@debian.org>
Cc: debian-release@lists.debian.org
Subject: Re: [SRM] krb5 changelog missing CVE
From: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 03 Jan 2012 20:09:50 +0100
Message-id: <[🔎] 87obuk4n7l.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] tslobukr54q.fsf@mit.edu> (Sam Hartman's message of "Tue, 03 Jan 2012 13:51:49 -0500")
References: <[🔎] tslobukr54q.fsf@mit.edu>

* Sam Hartman:

> Florian Weimer noticed that the krb5 changelog in squeeze was missing a
> CVE that was fixed in the patch applied.
> He proposes to make a new upload that corrects the changelog so that
> people who track security issues from the changelog will find the fix:

Sorry, there seems to be a slight misunderstanding.  The changelog was
indeed incorrect, but even that upload never made it to the archive.

To clarify, we would like to fix the issues described in this
announcement:

From: Tom Yu <tlyu@MIT.EDU>
Subject: MITKRB5-SA-2011-006 KDC denial of service vulnerabilities  [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529]
To: kerberos-announce@mit.edu
Date: Tue, 18 Oct 2011 14:06:02 -0400
Message-ID: <ldvlisiuqd1.fsf@cathode-dark-space.mit.edu>

(CVE-2011-1527 does not affect squeeze.)

We already have packages built for (all?) 13 architectures.

Reply to:

Follow-Ups:
- Re: [SRM] krb5 changelog missing CVE
  - From: Sam Hartman <hartmans@debian.org>
- Re: [SRM] krb5 changelog missing CVE
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

References:
- [SRM] krb5 changelog missing CVE
  - From: Sam Hartman <hartmans@debian.org>

Prev by Date: Re: Proposed update to python-debian
Next by Date: [SRM] krb5 changelog missing CVE
Previous by thread: [SRM] krb5 changelog missing CVE
Next by thread: Re: [SRM] krb5 changelog missing CVE
Index(es):
- Date
- Thread