-
krb5 (1.14.3+dfsg-2ubuntu1) yakkety; urgency=medium

  * d/p/upstream/0001-Add-SPNEGO-special-case-for-NTLMSSP-MechListMIC.patch:
    Cherry-pick from upstream to add SPNEGO special case for
    NTLMSSP+MechListMIC. LP: #1643708.

 -- Steve Langasek <email address hidden> Mon, 21 Nov 2016 17:01:33 -0800
-
krb5 (1.14.3+dfsg-2) UNRELEASED; urgency=medium

  * Fix gcc -O3, thanks Ben Kaduk/Steve Langasek, Closes: #833798
  * Fix kdb5_util create on 32-bit platforms, thanks Greg Hudson, Closes:
    #834035

 -- Sam Hartman <email address hidden> Mon, 05 Sep 2016 21:03:14 -0400
-
krb5 (1.14.3+dfsg-1ubuntu1) yakkety; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Fix uninitialized variable warning on ppc64el.

krb5 (1.14.3+dfsg-1) unstable; urgency=medium

  * New upstream version
    - includes fix for CVE-2016-3120, Closes: #832572
  * build-dep-indep on texlive-generic-extra to pick up iftex.sty after
    a reshuffle, Closes: #828946
  * Comment out supported_enctypes in kdc.conf to avoid including
    single-DES enctypes, Closes: #806928
  * Spell Build-Depends-Indep properly, Closes: #829196

 -- Steve Langasek <email address hidden> Mon, 08 Aug 2016 10:14:16 -0700
-
krb5 (1.14.2+dfsg-1ubuntu1) yakkety; urgency=medium

  * Fix uninitialized variable warning on ppc64el (LP: #1592841).
    Thanks to Sam Hartman for the preliminary patch.

 -- Steve Langasek <email address hidden> Wed, 16 Jun 2016 08:58:08 +0300
-
krb5 (1.14.2+dfsg-1) unstable; urgency=low

  * New upstream version
    - Includes fix for CVE-2016-3119: remote DOS with ldap for
      authenticated attackers, Closes: #819468
  * Fix short descriptions capitalization, Thanks Laura Arjona Reina,
    Closes: #821021
  * New German translation, Thanks Chris Leick, Closes: #816548

 -- Sam Hartman <email address hidden> Mon, 30 May 2016 13:12:02 -0400
-
krb5 (1.13.2+dfsg-5) unstable; urgency=high

  * Security Update
  * Verify decoded kadmin C strings [CVE-2015-8629]
    CVE-2015-8629: An authenticated attacker can cause kadmind to read
    beyond the end of allocated memory by sending a string without a
    terminating zero byte. Information leakage may be possible for an
    attacker with permission to modify the database. (Closes: #813296)
  * Check for null kadm5 policy name [CVE-2015-8630]
    CVE-2015-8630: An authenticated attacker with permission to modify a
    principal entry can cause kadmind to dereference a null pointer by
    supplying a null policy value but including KADM5_POLICY in the mask.
    (Closes: #813127)
  * Fix leaks in kadmin server stubs [CVE-2015-8631]
    CVE-2015-8631: An authenticated attacker can cause kadmind to leak
    memory by supplying a null principal name in a request which uses one.
    Repeating these requests will eventually cause kadmind to exhaust all
    available memory. (Closes: #813126)

 -- Sam Hartman <email address hidden> Tue, 23 Feb 2016 08:54:09 -0500