Bug#803083: CVE-2015-2695 in libgssapi-krb5-2, SPNEGO context aliasing

Hi Sam, hi Ben, On Mon, Oct 26, 2015 at 04:04:24PM -0400, Sam Hartman wrote: > Do I need to do anything here? > I have availability this evening and Wednesday evening. I just only added the issues to the security-tracker but have not yet looked at any of the issues closer. Can you, once you have

Bug#803083: CVE-2015-2695 in libgssapi-krb5-2, SPNEGO context aliasing

Do I need to do anything here? I have availability this evening and Wednesday evening.

Bug#803083: CVE-2015-2695 in libgssapi-krb5-2, SPNEGO context aliasing

Also, do you want to fix the not a DD problem?

Bug#803083: CVE-2015-2695 in libgssapi-krb5-2, SPNEGO context aliasing

On Mon, 26 Oct 2015, Salvatore Bonaccorso wrote: > On Mon, 26 Oct 2015 14:26:44 -0400 (EDT) Benjamin Kaduk wrote: > > Package: libgssapi-krb5-2 > > Version: 1.8.3+dfsg-4squeeze7 > > Tags: security fixed-upstream > > > > A partially constructed GSS security context can access a

Bug#803083: CVE-2015-2695 in libgssapi-krb5-2, SPNEGO context aliasing

On Mon, 26 Oct 2015, Sam Hartman wrote: > Do I need to do anything here? Maybe, maybe not. I am working on debdiffs for jessie and wheezy. If I remember correctly, those need to get reviewed by the security team and then uploaded to the security queue. It may make more sense for you to do the

Bug#803083: CVE-2015-2695 in libgssapi-krb5-2, SPNEGO context aliasing

On Mon, 26 Oct 2015 14:26:44 -0400 (EDT) Benjamin Kaduk wrote: > Package: libgssapi-krb5-2 > Version: 1.8.3+dfsg-4squeeze7 > Tags: security fixed-upstream > > A partially constructed GSS security context can access a pointer as the > wrong type, generally causing a program crash.

Bug#803083: CVE-2015-2695 in libgssapi-krb5-2, SPNEGO context aliasing

Package: libgssapi-krb5-2 Version: 1.8.3+dfsg-4squeeze7 Tags: security fixed-upstream A partially constructed GSS security context can access a pointer as the wrong type, generally causing a program crash. Fixed upstream at