* Sam Hartman: > Florian Weimer noticed that the krb5 changelog in squeeze was missing a > CVE that was fixed in the patch applied. > He proposes to make a new upload that corrects the changelog so that > people who track security issues from the changelog will find the fix:
Sorry, there seems to be a slight misunderstanding. The changelog was indeed incorrect, but even that upload never made it to the archive. To clarify, we would like to fix the issues described in this announcement: From: Tom Yu <t...@mit.edu> Subject: MITKRB5-SA-2011-006 KDC denial of service vulnerabilities [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529] To: kerberos-annou...@mit.edu Date: Tue, 18 Oct 2011 14:06:02 -0400 Message-ID: <ldvlisiuqd1....@cathode-dark-space.mit.edu> (CVE-2011-1527 does not affect squeeze.) We already have packages built for (all?) 13 architectures. -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87obuk4n7l....@mid.deneb.enyo.de