[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SRM] krb5 changelog missing CVE



* Sam Hartman:

> Florian Weimer noticed that the krb5 changelog in squeeze was missing a
> CVE that was fixed in the patch applied.
> He proposes to make a new upload that corrects the changelog so that
> people who track security issues from the changelog will find the fix:

Sorry, there seems to be a slight misunderstanding.  The changelog was
indeed incorrect, but even that upload never made it to the archive.

To clarify, we would like to fix the issues described in this
announcement:

From: Tom Yu <tlyu@MIT.EDU>
Subject: MITKRB5-SA-2011-006 KDC denial of service vulnerabilities  [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529]
To: kerberos-announce@mit.edu
Date: Tue, 18 Oct 2011 14:06:02 -0400
Message-ID: <ldvlisiuqd1.fsf@cathode-dark-space.mit.edu>

(CVE-2011-1527 does not affect squeeze.)

We already have packages built for (all?) 13 architectures.


Reply to: