Re: [SRM] krb5 changelog missing CVE

To: Moritz Mühlenhoff <jmm@inutil.org>
Cc: debian-release@lists.debian.org
Subject: Re: [SRM] krb5 changelog missing CVE
From: Philipp Kern <pkern@debian.org>
Date: Wed, 4 Jan 2012 21:50:16 +0100
Message-id: <[🔎] 20120104205016.GA28453@thrall.0x539.de>
In-reply-to: <[🔎] slrnjg93j0.41s.jmm@inutil.org>
References: <[🔎] tslobukr54q.fsf@mit.edu> <[🔎] 87obuk4n7l.fsf@mid.deneb.enyo.de> <[🔎] 1325621401.19606.4.camel@jacala.jungle.funky-badger.org> <[🔎] 87k45835cx.fsf@mid.deneb.enyo.de> <[🔎] 1325626071.19606.11.camel@jacala.jungle.funky-badger.org> <[🔎] 87r4zgezes.fsf@mid.deneb.enyo.de> <[🔎] 20120104150531.GA23831@thrall.0x539.de> <[🔎] slrnjg93j0.41s.jmm@inutil.org>

On Wed, Jan 04, 2012 at 06:37:36PM +0100, Moritz Mühlenhoff wrote:
> Philipp Kern <pkern@debian.org> schrieb:
> > Why is that, given that according to the tracker, lenny isn't even
> > affected?  I'd appreciate a fix for a remote DoS of a network service
> > through security, to be honest.
> For all practical purposes the KDC is local to your trust context.

For all practical purposes you also have it open so that your roadwarriors can
get tickets.

Kind regards,
Philipp Kern
-- 
 .''`.  Philipp Kern                        Debian Developer
: :' :  http://philkern.de                         Stable Release Manager
`. `'   xmpp:phil@0x539.de                         Wanna-Build Admin
  `-    finger pkern/key@db.debian.org

Reply to:

Follow-Ups:
- Re: [SRM] krb5 changelog missing CVE
  - From: Russ Allbery <rra@debian.org>

References:
- [SRM] krb5 changelog missing CVE
  - From: Sam Hartman <hartmans@debian.org>
- Re: [SRM] krb5 changelog missing CVE
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: [SRM] krb5 changelog missing CVE
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Re: [SRM] krb5 changelog missing CVE
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: [SRM] krb5 changelog missing CVE
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Re: [SRM] krb5 changelog missing CVE
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: [SRM] krb5 changelog missing CVE
  - From: Philipp Kern <pkern@debian.org>
- Re: [SRM] krb5 changelog missing CVE
  - From: Moritz Mühlenhoff <jmm@inutil.org>

Prev by Date: Re: [SRM] krb5 changelog missing CVE
Next by Date: Re: [SRM] updating ia32-libs and ia32-libs-gtk
Previous by thread: Re: [SRM] krb5 changelog missing CVE
Next by thread: Re: [SRM] krb5 changelog missing CVE
Index(es):
- Date
- Thread