-
krb5 (1.9.1+dfsg-1ubuntu2.3) oneiric-security; urgency=low
* SECURITY UPDATE: KDC heap corruption and crash vulnerabilities
- src/kdc/kdc_preauth.c, src/kdc/kdc_util.c,
src/lib/kdb/kdb_default.c: initialize pointers both at allocation
and assignment time
- CVE-2012-1015
* SECURITY UPDATE: denial of service in kadmind (LP: #1009422)
- src/lib/kadm5/srv/svr_principal.c: check for null password
- CVE-2012-1013
-- Steve Beattie <email address hidden> Mon, 23 Jul 2012 22:14:04 -0700
-
krb5 (1.9.1+dfsg-1ubuntu2.2) oneiric-security; urgency=low
* SECURITY UPDATE: fix kdc denial of service issue:
- src/kdc/do_tgs_req.c: check for NULL pointer after
calling find_alternate_tgs()
- src/kdc/Makefile.in, src/kdc/t_emptytgt.py: add testcase
- applied inline
- CVE-2011-1530, MITKRB5-SA-2011-007
-- Steve Beattie <email address hidden> Fri, 02 Dec 2011 11:01:02 -0800
-
krb5 (1.9.1+dfsg-1ubuntu2.1) oneiric-proposed; urgency=low
* src/lib/krb5/krb/get_creds.c: cherry pick an upstream fix to allow
clients to work against older versions of KDCs that don't support the
"canonicalize" option. LP: #874130.
-- Steve Langasek <email address hidden> Tue, 18 Oct 2011 18:40:10 -0700
-
krb5 (1.9.1+dfsg-1ubuntu2) oneiric-proposed; urgency=low
* src/lib/krb5/krb/get_creds.c: cherry pick an upstream fix to allow
clients to work against older versions of KDCs that don't support the
"canonicalize" option. LP: #874130.
-- Steve Langasek <email address hidden> Fri, 14 Oct 2011 15:00:48 -0700
-
krb5 (1.9.1+dfsg-1ubuntu1.1) oneiric-security; urgency=low
* SECURITY UPDATE: fix multiple kdc DoS issues:
- db2/lockout.c, ldap/libkdb_ldap/ldap_principal2.c,
ldap/libkdb_ldap/lockout.c:
+ more strict checking for null pointers
+ disable assert and return when db is locked
+ applied inline
- CVE-2011-1527, CVE-2011-1528, and CVE-2011-1529
-- Steve Beattie <email address hidden> Mon, 10 Oct 2011 11:11:47 -0700
-
krb5 (1.9.1+dfsg-1ubuntu1) oneiric; urgency=low
* Merge from debian unstable. Remaining changes:
- Build for multiarch, with pre-depends on multi-arch support virtual package.
- Add Breaks: on old versions of external packages (i.e., sssd) using
/usr/lib/krb5 due to the path transition
krb5 (1.9.1+dfsg-1) unstable; urgency=low
* New upstream version
* Fix g_make_token_header when no token type is passed
* Support absolute paths for GSS-API mechanisms
* Add gss_authorize_localname, gss_userok, gss_pname_to_uid
* Fix gss_acquire_cred handling with empty mech set; fix
accept_sec_context handling in this case too
* Permit importing anonymous name with empty buffer
* New Translations:
- Dutch: Thanks Vincent Zweije, Closes: #624173
- Danish, Thanks Joe Dalton, Closes: #626530
* Fix kadmin free of null pointer on change password, Closes: #622681
krb5 (1.9+dfsg-2) unstable; urgency=low
* In the interest of testing other GSS-API mechanisms it is desirable to
install the gss-server and gss-client application. These are useful to
people developing new GSS-API mechanisms within Debian.
-- Chuck Short <email address hidden> Sat, 04 Jun 2011 07:43:48 +0100
-
krb5 (1.9+dfsg-1ubuntu1) oneiric; urgency=low
* Merge from debian unstable. Remaining changes:
- Build for multiarch, with pre-depends on multi-arch support virtual package.
- Add Breaks: on old versions of external packages (i.e., sssd) using
/usr/lib/krb5 due to the path transition.
krb5 (1.9+dfsg-1) unstable; urgency=low
* New upstream version
* Pull in krb5 1.9 branch as of 03/16/2011
- Include updates in 1.8.3+dfsg-4, 1.8.3+dfsg-5, 1.8.3+dfsg-6
- Include fixes for trace logging
* Since Debian does not and will not ever build with edirectory
support, remove documentation of edirectory commands from the man
page. Closes: #580502
* Includes IPv6 support for kadmind, Closes: #595796
* Upstream 1.9 supports hooks for password change and synchronization,
Closes: #588968
* LDAP now supports stash creation after db creation, Closes: #484808
* Krb5 1.9 supports including files from krb5.conf, Closes: #429692
krb5 (1.9+dfsg~beta2-1) experimental; urgency=low
* New upstream release
* Fix default location of kpropd.acl in kpropd.M (LP: #688464)
* Ignore PACs without a server signature generated by OS X Open
Directory rather than failing authentication, Closes: #604925
* New exported API: krb5_tkt_creds_get
krb5 (1.9+dfsg~beta1-1) experimental; urgency=low
* New upstream release
* No longer use symbols files for libkadm5 and libkdb5: these libraries
change very rapidly and tend to change soname each major release.
Symbols files will be introduced if they make sense again.
* Update symbols for libkrb5-3: note that several internal functions
have disappeared. These functions were not part of the public ABI
which remains stable
* Update library package names based on soname changes
krb5 (1.8.3+dfsg-6) unstable; urgency=low
* Fix double free with pkinit on KDC, CVE-2011-0284, Closes: #618517
* Updated Danish debconf translations, thanks Joe Dalton, Closes:
#584282
-- Chuck Short <email address hidden> Mon, 02 May 2011 16:23:50 +0100
-
krb5 (1.8.3+dfsg-5ubuntu2.1) natty-security; urgency=low
* SECURITY UPDATE: kadmind denial of service from freeing of uninitialized
pointer.
- src/kadmin/server/{network,schpw}.c: fix, thanks to upstream.
- CVE-2011-0285
- MITKRB5-SA-2011-004
-- Kees Cook <email address hidden> Mon, 18 Apr 2011 15:38:18 -0700
-
krb5 (1.8.3+dfsg-5ubuntu2) natty; urgency=low
* FFe LP: #733501
* Build for multiarch, with pre-depends on multiarch-support virtual
package.
* Add Breaks: on old versions of external packages (i.e., sssd) using
/usr/lib/krb5 due to the path transition.
-- Steve Langasek <email address hidden> Sat, 19 Mar 2011 04:15:00 -0700