Your message dated Sat, 12 Aug 2017 16:17:09 +0000
with message-id <>
and subject line Bug#860767: fixed in krb5 1.15-1+deb9u1
has caused the Debian Bug report #860767,
regarding Failure to bind to addresses on some ipv4 only configurations
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact

Debian Bug Tracking System
Contact with problems
--- Begin Message ---
package: krb5-kdc
version: 1.15-1
severity: important
tags: fixed-upstream

krb5-kdc can fail to work at all on some systems where getaddrinfo(NULL)
returns a v6 wildcard address.
Depending on kernel modules and socket configuration, you can get
address family not supported  even though v4 is working.

You'd think that  you could then explicitly configure a wildcard
That doesn't work because pktinfo ends up not being used on an
explicitly configured wildcard address.
See upstream bugs  8530 and 8531

--- End Message ---
--- Begin Message ---
Source: krb5
Source-Version: 1.15-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Sam Hartman <> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing

Hash: SHA256

Format: 1.8
Date: Wed, 09 Aug 2017 12:19:50 -0400
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-kpropd 
krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-otp krb5-k5tls krb5-doc 
libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit11 libkadm5clnt-mit11 
libk5crypto3 libkdb5-8 libkrb5support0 libkrad0 krb5-gss-samples krb5-locales 
Architecture: source
Version: 1.15-1+deb9u1
Distribution: stretch
Urgency: high
Maintainer: Sam Hartman <>
Changed-By: Sam Hartman <>
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - documentation for MIT Kerberos
 krb5-gss-samples - MIT Kerberos GSS Sample applications
 krb5-k5tls - TLS plugin for MIT Kerberos
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-kpropd - MIT Kerberos key server (KDC)
 krb5-locales - internationalization support for MIT Kerberos
 krb5-multidev - development files for MIT Kerberos without Heimdal conflict
 krb5-otp   - OTP plugin for MIT Kerberos
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit11 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit11 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-8  - MIT Kerberos runtime libraries - Kerberos database
 libkrad-dev - MIT Kerberos RADIUS Library Development
 libkrad0   - MIT Kerberos runtime libraries - RADIUS library
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - debugging files for MIT Kerberos
 libkrb5-dev - headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 856307 860767 869260
 krb5 (1.15-1+deb9u1) stretch; urgency=high
   * CVE-2017-11368: Remote authenticated attackers can crash the KDC,
     Closes: #869260
   * Upstream patches to fix startup if getaddrinfo() returns a wildcard v6
     address, and to fix handling of explicitly specified v4 wildcard
     address; regression over previous versions, Closes: #860767
   * Fix SRV lookups to respect udp_preference_limit, regression over
     previous versions with OTP, Closes: #856307
 3865bd0c4b019aef44e8fbb08cd0a875f4ab2e50 3373 krb5_1.15-1+deb9u1.dsc
 35368ab78bb847d0b23cc957bfb931e6fb45dd61 144944 
 cb69444c826f380c9d3ea7c5e6bf04105ca2fceb26ecc14b293f458f337f34c2 3373 
 f04183b2ecfd0fe488975338eb4f900d5f605c81a9ae279451ceda948d99a21c 144944 
 03dd0ab3bfb4c70bd8bea0437db65194 3373 net standard krb5_1.15-1+deb9u1.dsc
 981da9e09bcd891263f0a05d4789e7fe 144944 net standard 



--- End Message ---

Reply via email to