Your message dated Wed, 27 Jun 2007 06:32:04 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#430785: CVE-2007-2798: kadmind vulnerable to buffer
overflow
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: krb5-admin-server
Severity: critical
Tags: security
Justification: root security hole
kadmind contains multiple RPC library vulnerabilities, which could lead to
a remote privilege escalation:
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt
kadmind from MIT releases up to and including krb5-1.6.1 are affected.
A patch is available at the URL above.
Regards,
Dominic.
--- End Message ---
--- Begin Message ---
Version: 1.6.dfsg.1-5
Dominic Hargreaves <[EMAIL PROTECTED]> writes:
> Package: krb5-admin-server
> Severity: critical
> Tags: security
> Justification: root security hole
> kadmind contains a buffer overflow, which could lead to a remote
> privilege escalation:
> http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-005.txt
Yes, new packages were uploaded yesterday almost simultaneous with the
security advisory. The stable and oldstable security updates should be
working their way through the build process right now.
--
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
--- End Message ---