On 02/12/2010 12:58, Sam Hartman wrote:
> Changelog attached.
>
> krb5 (1.8.3+dfsg-3) unstable; urgency=emergency
>
>   * MITKRB5-SA-2010-007
>   * CVE-2010-1324: An unauthenticated attacker can inject arbitrary
>     content into an existing GSS connection that appears to be integrity
>     protected from the legitimate peer under some circumstances
>   * GSS applications may accept a PAC produced by an attacker as if it
>     were signed by a KDC
>   * CVE-2010-1323: attackers have a 1/256 chance of being able to
>     produce krb_safe messages that appear to be from legitimate remote
>     sources. Other than use in KDC database copies this may not be a
>     huge issue only because no one actually uses krb_safe
>     messages. Similarly, an attacker can force clients to display
>     challenge/response values of the attacker's choice.
>   * CVE-2010-4020: An attacker may be able to generate what is
>     accepted as an ad-signedpath or ad-kdc-issued checksum with 1/256
>     probability
>   * New Vietnamese debconf translations, Thanks Clytie Siddall,
>     Closes: #601533
>   * Update standards version to 3.9.1 (no changes required)
>
>  -- Sam Hartman <[email protected]>  Sat, 20 Nov 2010 14:50:54 -0500

I unblocked this one yesterday. It's not yet built on mipsel though. So, it
has to wait a bit more to be able to migrate (and it has to be signed on
armel).
Regards,
--
Mehdi Dogguy مهدي الدڤي
http://dogguy.org/