krb5 (1.12.1+dfsg-10ubuntu0.1) utopic-security; urgency=medium

  * SECURITY UPDATE: use-after-free and double-free memory access
    violations
    - debian/patches/CVE-2014-5352.patch: properly handle context deletion
      in src/lib/gssapi/krb5/context_time.c,
      src/lib/gssapi/krb5/export_sec_context.c,
      src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c,
      src/lib/gssapi/krb5/inq_context.c,
      src/lib/gssapi/krb5/k5seal.c,
      src/lib/gssapi/krb5/k5sealiov.c,
      src/lib/gssapi/krb5/k5unseal.c,
      src/lib/gssapi/krb5/k5unsealiov.c,
      src/lib/gssapi/krb5/lucid_context.c,
      src/lib/gssapi/krb5/prf.c,
      src/lib/gssapi/krb5/process_context_token.c,
      src/lib/gssapi/krb5/wrap_size_limit.c.
    - CVE-2014-5352
  * SECURITY UPDATE: denial of service via LDAP query with no results
    - debian/patches/CVE-2014-5353.patch: properly handle policy name in
      src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c.
    - CVE-2014-5353
  * SECURITY UPDATE: denial of service via database entry for a keyless
    principal
    - debian/patches/CVE-2014-5354.patch: support keyless principals in
      src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c.
    - CVE-2014-5354
  * SECURITY UPDATE: denial of service or code execution in kadmind XDR
    data processing
    - debian/patches/CVE-2014-9421.patch: fix double free in
      src/lib/kadm5/kadm_rpc_xdr.c, src/lib/rpc/auth_gssapi_misc.c.
    - CVE-2014-9421
  * SECURITY UPDATE: impersonation attack via two-component server
    principals
    - debian/patches/CVE-2014-9422.patch: fix kadmind server validation in
      src/kadmin/server/kadm_rpc_svc.c.
    - CVE-2014-9422
  * SECURITY UPDATE: gssrpc data leakage
    - debian/patches/CVE-2014-9423.patch: fix leakage in
      src/lib/gssapi/mechglue/mglueP.h, src/lib/rpc/svc_auth_gss.c.
    - CVE-2014-9423

 -- Marc Deslauriers <email address hidden>  Fri, 06 Feb 2015 15:15:07 -0500

krb5 (1.12.1+dfsg-10) unstable; urgency=medium

  * Import upstream's patch for CVE-2014-5351, Closes: #762479

 -- Benjamin Kaduk <email address hidden>  Mon, 22 Sep 2014 14:53:33 -0400

krb5 (1.12.1+dfsg-7) unstable; urgency=high

  * Apply upstream's patch for CVE-2014-4345 (MITKRB5-SA-2014-001), buffer
    overrun in kadmind with LDAP backend, Closes: #757416

 -- Benjamin Kaduk <email address hidden>  Thu, 07 Aug 2014 18:33:37 -0400

krb5 (1.12.1+dfsg-6) unstable; urgency=medium

  [ Benjamin Kaduk ]
  * Apply upstream's patch to switch to TAILQ macros instead of CIRCLEQ macros,
    to work around an issue with certain gcc versions. This is expected to
    resolve Ubuntu bug (LP: #1347147).

  [ Sam Hartman ]
  * Include a quick and dirty patch so we build cleanly with -O3, fixing
    incorrect "may be uninitialized" warnings.

 -- Benjamin Kaduk <email address hidden>  Tue, 29 Jul 2014 17:05:37 -0400

krb5 (1.12.1+dfsg-3ubuntu1) utopic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/rules: force -O2 to work around build failure with -O3
      on ppc64el (see
      https://pad.lv/ubuntu/+source/krb5/1.12+dfsg-2ubuntu1/+build/5600781)

krb5 (1.12.1+dfsg-3) unstable; urgency=high

  * High urgency to revert some changes in the previous version that got
    into testing. Unfortunately moving krb5-config into krb5-multidev
    breaks some -Werror builds, so we'll revert until we can work out what
    to do, Closes: #751760
  * Revert krb5-config to krb5-multidev, reintroduces: #745322
  * Remove -I and -L from krb5-config, Reintroduces: #730837
  * Remove pkgconfig paths that include mit-kerberos, Reintroduces: #750041

krb5 (1.12.1+dfsg-2) unstable; urgency=low

  [ Jelmer Vernooij ]
  * Provide -L and -I flags from krb5-config. Closes: #730837
  * Ship krb5-config.mit binary in krb5-multidev, Closes: #745322
  * Provide -L and -I flags from pkg-config files. Closes: #750041

  [ Sam Hartman ]
  * Include upstream patch to load gss mechanisms from /etc/gss/mech.d,
    Closes: #673680
  * Sysconfdir explicitly set to /etc
  * Include ubuntu change to permit libverto-libevent1 (not currently
    built in Debian) as an alternative for the KDC. For now just
    reduces diff with Ubuntu. Next libverto upload will probably start
    building that for Debian too.
  * Do not cause endless loop when a mechanism fails to include
    gss_add_cred_from or other new methods (upstream #7926)
  * Include /etc/gss/mech.d/README
  * Low urgency to give extra time in unstable
  * Update symbols for gss_indicate_mechs

 -- Michael Vogt <email address hidden>  Fri, 11 Jul 2014 14:41:11 +0200

krb5 (1.12.1+dfsg-1ubuntu1) utopic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Add alternate dependency on libverto-libevent1 as that's the
      package ABI name in ubuntu.
    - debian/rules: force -O2 to work around build failure with -O3.
  * drop transitional libkadm5srv-mit8 package

krb5 (1.12.1+dfsg-1) unstable; urgency=low

  [ Sam Hartman ]
  * New upstream version
  * Move gbp.conf to debian

  [ Benjamin Kaduk ]
  * Pull in upstream patch to put OTP sockets in /run by default
  * Pull in upstream patch to avoid duplicate "/etc/krb5.conf" in profile
    path, so we can safely set sysconfdir to /etc

 -- Michael Vogt <email address hidden>  Wed, 30 Apr 2014 14:27:28 +0200

krb5 (1.12+dfsg-2ubuntu4) trusty; urgency=low

  * Add transitional libkadm5srv-mit8 package to help libapt
    calculating the upgrade (LP: #1304403) to trusty.
    This transitional package can be dropped once trusty is
    released.

 -- Michael Vogt <email address hidden>  Wed, 09 Apr 2014 11:11:43 +0200
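The practical question a changelog like this answers is whether the krb5 version on a given host already carries a particular CVE fix. The script below is an added example, not part of the Debian or Ubuntu krb5 packaging: it extracts the CVE identifiers named under each version header from a constructed, trimmed copy of the security entries above, and orders versions with the same rules dpkg applies (epoch, then upstream, then revision, alternating non-digit and numeric runs, with "~" sorting lowest), so that 1.12.1+dfsg-10 is correctly reported as older than 1.12.1+dfsg-10ubuntu0.1. The installed version strings it checks are made-up inputs.

```python
"""Decide which changelog-named CVEs an installed package version still lacks.

Added example, not part of the krb5 packaging: CHANGELOG is a constructed,
trimmed copy of entries above; the installed version strings are made up.
"""
import re

CHANGELOG = """\
krb5 (1.12.1+dfsg-10ubuntu0.1) utopic-security; urgency=medium

  * SECURITY UPDATE: use-after-free and double-free memory access violations
    - debian/patches/CVE-2014-5352.patch: properly handle context deletion
    - CVE-2014-5352
  * SECURITY UPDATE: denial of service via LDAP query with no results
    - CVE-2014-5353

 -- Marc Deslauriers <email address hidden>  Fri, 06 Feb 2015 15:15:07 -0500

krb5 (1.12.1+dfsg-7) unstable; urgency=high

  * Apply upstream's patch for CVE-2014-4345 (MITKRB5-SA-2014-001), buffer
    overrun in kadmind with LDAP backend, Closes: #757416

 -- Benjamin Kaduk <email address hidden>  Thu, 07 Aug 2014 18:33:37 -0400
"""

HEADER = re.compile(r"^(\S+) \(([^)]+)\) ")  # "pkg (version) dist; urgency=..."
CVE = re.compile(r"CVE-\d{4}-\d{4,}")


def cve_fix_versions(changelog):
    """Map each CVE to the oldest version whose entry mentions it.

    Entries are newest-first, so a later match overwrites an earlier one and
    the result is the first version that shipped the fix.
    """
    fixes, version = {}, None
    for line in changelog.splitlines():
        m = HEADER.match(line)
        if m:
            version = m.group(2)
        elif version is not None:
            for cve in CVE.findall(line):
                fixes[cve] = version
    return fixes


def _order(c):
    """Weight dpkg gives a character in the non-digit runs of a version."""
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1  # "~" sorts before everything, even the end of the string
    return ord(c) + 256 if c else 0


def _verrevcmp(a, b):
    """dpkg's alternating non-digit / numeric comparison of one version part."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        while i < len(a) and a[i] == "0":  # leading zeros are not significant
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while i < len(a) and j < len(b) and a[i].isdigit() and b[j].isdigit():
            first_diff = first_diff or ord(a[i]) - ord(b[j])
            i, j = i + 1, j + 1
        if i < len(a) and a[i].isdigit():  # the longer number is the larger one
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(v):
    """'epoch:upstream-revision' -> (epoch as int, upstream, revision)."""
    epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """Order two Debian versions like `dpkg --compare-versions`: <0, 0 or >0."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)


def unfixed_cves(installed, changelog=CHANGELOG):
    """CVEs from the changelog whose fixing version is newer than `installed`."""
    fixes = cve_fix_versions(changelog)
    return sorted(c for c, v in fixes.items() if compare_versions(installed, v) < 0)


if __name__ == "__main__":
    for v in ("1.12.1+dfsg-6", "1.12.1+dfsg-10", "1.12.1+dfsg-10ubuntu0.1"):
        print(v, "still missing:", unfixed_cves(v) or "nothing")
```

On a real host the installed version comes from `dpkg-query -W -f='${Version}' libgssapi-krb5-2`, and the ordering implemented here can be cross-checked against `dpkg --compare-versions`; the point of re-implementing it is that plain string or float comparison gets the "-10" versus "-10ubuntu0.1" and "~rc" cases wrong, which is exactly where a patch-status check silently reports a vulnerable build as fixed.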