Your message dated Thu, 13 Mar 2025 07:19:20 +0000
with message-id <[email protected]>
and subject line Bug#1094730: fixed in krb5 1.21.3-5
has caused the Debian Bug report #1094730,
regarding krb5: CVE-2025-24528
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1094730: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: krb5
Version: 1.21.3-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for krb5.
CVE-2025-24528[0]:
| Prevent overflow when calculating ulog block size
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-24528
    https://www.cve.org/CVERecord?id=CVE-2025-24528
[1] https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: krb5
Source-Version: 1.21.3-5
Done: Bastien Roucariès <[email protected]>
We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <[email protected]> (supplier of updated krb5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 23 Feb 2025 17:12:14 +0000
Source: krb5
Architecture: source
Version: 1.21.3-5
Distribution: unstable
Urgency: medium
Maintainer: Sam Hartman <[email protected]>
Changed-By: Bastien Roucariès <[email protected]>
Closes: 1094730
Changes:
 krb5 (1.21.3-5) unstable; urgency=medium
 .
   * Non-maintainer upload with maintainer agreement.
   * Fix CVE-2025-24528: Prevent overflow when calculating
     ulog block size (Closes: #1094730)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---