Change log for krb5 package in Ubuntu

Superseded in trusty-updates
Superseded in trusty-security
krb5 (1.12+dfsg-2ubuntu5.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via incorrect null bytes
    - d/p/0030-Fix-krb5_read_message-handling-CVE-2014-5355.patch:
      properly handle null bytes in src/appl/user_user/server.c,
      src/lib/krb5/krb/recvauth.c.
    - CVE-2015-5355
  * SECURITY UPDATE: preauthentication requirement bypass in kdcpreauth
    - d/p/0031-Prevent-requires_preauth-bypass-CVE-2015-2694.patch:
      improve logic in src/plugins/preauth/otp/main.c,
      src/plugins/preauth/pkinit/pkinit_srv.c.
    - CVE-2015-2694
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/0031-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/0036-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/0032-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/0034-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/0033-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/0035-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

 -- Marc Deslauriers <email address hidden>  Wed, 11 Nov 2015 09:08:08 -0500
Obsolete in wily-updates
Obsolete in wily-security
krb5 (1.13.2+dfsg-2ubuntu0.1) wily-security; urgency=medium

  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/u/0011-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/u/0016-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/u/0012-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/u/0014-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/u/0013-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/u/0015-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

 -- Marc Deslauriers <email address hidden>  Wed, 11 Nov 2015 08:36:55 -0500
Obsolete in vivid-updates
Obsolete in vivid-security
krb5 (1.12.1+dfsg-18ubuntu0.1) vivid-security; urgency=medium

  * SECURITY UPDATE: preauthentication requirement bypass in kdcpreauth
    - d/p/u/0031-Prevent-requires_preauth-bypass-CVE-2015-2694.patch:
      improve logic in src/plugins/preauth/otp/main.c,
      src/plugins/preauth/pkinit/pkinit_srv.c.
    - CVE-2015-2694
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/u/0031-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/u/0036-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/u/0032-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/u/0034-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/u/0033-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/u/0035-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

 -- Marc Deslauriers <email address hidden>  Wed, 11 Nov 2015 08:52:46 -0500
Published in precise-updates
Published in precise-security
krb5 (1.10+dfsg~beta1-2ubuntu0.7) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via udp ping-pong
    - debian/patches/CVE-2002-2443.patch: don't respond to improper packets
      in src/kadmin/server/schpw.c.
    - CVE-2002-2443
  * SECURITY UPDATE: denial of service via incorrect null bytes
    - d/p/0030-Fix-krb5_read_message-handling-CVE-2014-5355.patch:
      properly handle null bytes in src/appl/user_user/server.c,
      src/lib/krb5/krb/recvauth.c.
    - CVE-2015-5355
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/0031-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/0035-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/0032-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/0033-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/0033-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/0034-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

 -- Marc Deslauriers <email address hidden>  Wed, 11 Nov 2015 09:16:52 -0500
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
krb5 (1.13.2+dfsg-4) unstable; urgency=high

  * Import upstream patches fixing regressions in the previous upload:
    - CVE-2015-2698: the patch for CVE-2015-2696 caused memory corruption
      for applications calling gss_export_sec_context() on contexts
      established using the IAKERB mechanism.
    - Supply gss_import_sec_context implementations for SPNEGO and IAKERB,
      which were not implemented due to the erroneous belief that the
      exported context tokens would be tagged with the underlying
      context's mechanism.

 -- Benjamin Kaduk <email address hidden>  Wed, 04 Nov 2015 22:47:22 -0500

Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
krb5 (1.13.2+dfsg-3) unstable; urgency=high

  * Import upstream patches for three CVEs:
    - CVE-2015-2695: SPNEGO context aliasing during establishment
    - CVE-2015-2696: IAKERB context aliasing during establishment
    - CVE-2015-2697: unsafe string handling in TGS processing

 -- Benjamin Kaduk <email address hidden>  Mon, 26 Oct 2015 14:03:52 -0400

Superseded in xenial-release
Obsolete in wily-release
Deleted in wily-proposed (Reason: moved to release)
krb5 (1.13.2+dfsg-2) unstable; urgency=medium

  * No-change rebuild to target unstable

 -- Benjamin Kaduk <email address hidden>  Thu, 25 Jun 2015 17:10:03 -0400

Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release)
krb5 (1.12.1+dfsg-20) unstable; urgency=high

  * Import upstream patch for CVE-2015-2694, Closes: #783557
  * Bump Standards-Version to 3.9.6 (no changes needed)

 -- Benjamin Kaduk <email address hidden>  Wed, 13 May 2015 14:40:36 -0400

Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release)
krb5 (1.12.1+dfsg-19) unstable; urgency=medium


  * mark systemd unit directories as optional, Closes: #780831

 -- Sam Hartman <email address hidden>  Fri, 20 Mar 2015 16:22:33 -0400

Superseded in wily-release
Obsolete in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
krb5 (1.12.1+dfsg-18) unstable; urgency=high


  * Import upstream patch for CVE-2014-5355, Closes: #778647

 -- Benjamin Kaduk <email address hidden>  Wed, 18 Feb 2015 12:52:14 -0500

Obsolete in utopic-updates
Obsolete in utopic-security
krb5 (1.12.1+dfsg-10ubuntu0.1) utopic-security; urgency=medium

  * SECURITY UPDATE: use-after-free and double-free memory access
    violations
    - debian/patches/CVE-2014-5352.patch: properly handle context deletion
      in src/lib/gssapi/krb5/context_time.c,
      src/lib/gssapi/krb5/export_sec_context.c,
      src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c,
      src/lib/gssapi/krb5/inq_context.c,
      src/lib/gssapi/krb5/k5seal.c,
      src/lib/gssapi/krb5/k5sealiov.c,
      src/lib/gssapi/krb5/k5unseal.c,
      src/lib/gssapi/krb5/k5unsealiov.c,
      src/lib/gssapi/krb5/lucid_context.c,
      src/lib/gssapi/krb5/prf.c,
      src/lib/gssapi/krb5/process_context_token.c,
      src/lib/gssapi/krb5/wrap_size_limit.c.
    - CVE-2014-5352
  * SECURITY UPDATE: denial of service via LDAP query with no results
    - debian/patches/CVE-2014-5353.patch: properly handle policy name in
      src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c.
    - CVE-2014-5353
  * SECURITY UPDATE: denial of service via database entry for a keyless
    principal
    - debian/patches/CVE-2014-5354.patch: support keyless principals in
      src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c.
    - CVE-2014-5354
  * SECURITY UPDATE: denial of service or code execution in kadmind XDR
    data processing
    - debian/patches/CVE-2014-9421.patch: fix double free in
      src/lib/kadm5/kadm_rpc_xdr.c, src/lib/rpc/auth_gssapi_misc.c.
    - CVE-2014-9421
  * SECURITY UPDATE: impersonation attack via two-component server
    principals
    - debian/patches/CVE-2014-9422.patch: fix kadmind server validation in
      src/kadmin/server/kadm_rpc_svc.c.
    - CVE-2014-9422
  * SECURITY UPDATE: gssrpc data leakage
    - debian/patches/CVE-2014-9423.patch: fix leakage in
      src/lib/gssapi/mechglue/mglueP.h, src/lib/rpc/svc_auth_gss.c.
    - CVE-2014-9423
 -- Marc Deslauriers <email address hidden>   Fri, 06 Feb 2015 15:15:07 -0500
Obsolete in lucid-updates
Obsolete in lucid-security
krb5 (1.8.1+dfsg-2ubuntu0.14) lucid-security; urgency=medium

  * SECURITY UPDATE: ticket forging via old keys
    - src/lib/kadm5/srv/svr_principal.c: return only new keys
    - af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca
    - CVE-2014-5321
  * SECURITY UPDATE: use-after-free and double-free memory access
    violations
    - properly handle context deletion in
      src/lib/gssapi/krb5/context_time.c,
      src/lib/gssapi/krb5/export_sec_context.c,
      src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c,
      src/lib/gssapi/krb5/inq_context.c,
      src/lib/gssapi/krb5/k5seal.c,
      src/lib/gssapi/krb5/k5sealiov.c,
      src/lib/gssapi/krb5/k5unseal.c,
      src/lib/gssapi/krb5/k5unsealiov.c,
      src/lib/gssapi/krb5/lucid_context.c,
      src/lib/gssapi/krb5/prf.c,
      src/lib/gssapi/krb5/process_context_token.c,
      src/lib/gssapi/krb5/wrap_size_limit.c.
    - 82dc33da50338ac84c7b4102dc6513d897d0506a
    - CVE-2014-5352
  * SECURITY UPDATE: denial of service via LDAP query with no results
    - src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c: properly handle
      policy name.
    - d1f707024f1d0af6e54a18885322d70fa15ec4d3
    - CVE-2014-5353
  * SECURITY UPDATE: denial of service via database entry for a keyless
    principal
    - src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c: support keyless
      principals.
    - 877ad027ca2103f3ac2f581451fdd347a76b8981
    - CVE-2014-5354
  * SECURITY UPDATE: denial of service or code execution in kadmind XDR
    data processing
    - fix double free in src/lib/kadm5/kadm_rpc_xdr.c,
      src/lib/rpc/auth_gssapi_misc.c.
    - a197e92349a4aa2141b5dff12e9dd44c2a2166e3
    - CVE-2014-9421
  * SECURITY UPDATE: impersonation attack via two-component server
    principals
    - src/kadmin/server/kadm_rpc_svc.c: fix kadmind server validation.
    - 6609658db0799053fbef0d7d0aa2f1fd68ef32d8
    - CVE-2014-9422
  * SECURITY UPDATE: gssrpc data leakage
    - src/lib/rpc/svc_auth_gss.c: fix leakage.
    - 5bb8a6b9c9eb8dd22bc9526751610aaa255ead9c
    - CVE-2014-9423
 -- Marc Deslauriers <email address hidden>   Fri, 06 Feb 2015 15:51:07 -0500
Superseded in trusty-updates
Superseded in trusty-security
krb5 (1.12+dfsg-2ubuntu5.1) trusty-security; urgency=medium

  * SECURITY UPDATE: ticket forging via old keys
    - debian/patches/CVE-2014-5321.patch: return only new keys in
      src/lib/kadm5/srv/svr_principal.c.
    - CVE-2014-5321
  * SECURITY UPDATE: use-after-free and double-free memory access
    violations
    - debian/patches/CVE-2014-5352.patch: properly handle context deletion
      in src/lib/gssapi/krb5/context_time.c,
      src/lib/gssapi/krb5/export_sec_context.c,
      src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c,
      src/lib/gssapi/krb5/inq_context.c,
      src/lib/gssapi/krb5/k5seal.c,
      src/lib/gssapi/krb5/k5sealiov.c,
      src/lib/gssapi/krb5/k5unseal.c,
      src/lib/gssapi/krb5/k5unsealiov.c,
      src/lib/gssapi/krb5/lucid_context.c,
      src/lib/gssapi/krb5/prf.c,
      src/lib/gssapi/krb5/process_context_token.c,
      src/lib/gssapi/krb5/wrap_size_limit.c.
    - CVE-2014-5352
  * SECURITY UPDATE: denial of service via LDAP query with no results
    - debian/patches/CVE-2014-5353.patch: properly handle policy name in
      src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c.
    - CVE-2014-5353
  * SECURITY UPDATE: denial of service via database entry for a keyless
    principal
    - debian/patches/CVE-2014-5354.patch: support keyless principals in
      src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c.
    - CVE-2014-5354
  * SECURITY UPDATE: denial of service or code execution in kadmind XDR
    data processing
    - debian/patches/CVE-2014-9421.patch: fix double free in
      src/lib/kadm5/kadm_rpc_xdr.c, src/lib/rpc/auth_gssapi_misc.c.
    - CVE-2014-9421
  * SECURITY UPDATE: impersonation attack via two-component server
    principals
    - debian/patches/CVE-2014-9422.patch: fix kadmind server validation in
      src/kadmin/server/kadm_rpc_svc.c.
    - CVE-2014-9422
  * SECURITY UPDATE: gssrpc data leakage
    - debian/patches/CVE-2014-9423.patch: fix leakage in
      src/lib/gssapi/mechglue/mglueP.h, src/lib/rpc/svc_auth_gss.c.
    - CVE-2014-9423
 -- Marc Deslauriers <email address hidden>   Fri, 06 Feb 2015 15:26:22 -0500
Superseded in precise-updates
Superseded in precise-security
krb5 (1.10+dfsg~beta1-2ubuntu0.6) precise-security; urgency=medium

  * SECURITY UPDATE: ticket forging via old keys
    - debian/patches/CVE-2014-5321.patch: return only new keys in
      src/lib/kadm5/srv/svr_principal.c.
    - CVE-2014-5321
  * SECURITY UPDATE: use-after-free and double-free memory access
    violations
    - debian/patches/CVE-2014-5352.patch: properly handle context deletion
      in src/lib/gssapi/krb5/context_time.c,
      src/lib/gssapi/krb5/export_sec_context.c,
      src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c,
      src/lib/gssapi/krb5/inq_context.c,
      src/lib/gssapi/krb5/k5seal.c,
      src/lib/gssapi/krb5/k5sealiov.c,
      src/lib/gssapi/krb5/k5unseal.c,
      src/lib/gssapi/krb5/k5unsealiov.c,
      src/lib/gssapi/krb5/lucid_context.c,
      src/lib/gssapi/krb5/prf.c,
      src/lib/gssapi/krb5/process_context_token.c,
      src/lib/gssapi/krb5/wrap_size_limit.c.
    - CVE-2014-5352
  * SECURITY UPDATE: denial of service via LDAP query with no results
    - debian/patches/CVE-2014-5353.patch: properly handle policy name in
      src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c.
    - CVE-2014-5353
  * SECURITY UPDATE: denial of service via database entry for a keyless
    principal
    - debian/patches/CVE-2014-5354.patch: support keyless principals in
      src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c.
    - CVE-2014-5354
  * SECURITY UPDATE: denial of service or code execution in kadmind XDR
    data processing
    - debian/patches/CVE-2014-9421.patch: fix double free in
      src/lib/kadm5/kadm_rpc_xdr.c, src/lib/rpc/auth_gssapi_misc.c.
    - CVE-2014-9421
  * SECURITY UPDATE: impersonation attack via two-component server
    principals
    - debian/patches/CVE-2014-9422.patch: fix kadmind server validation in
      src/kadmin/server/kadm_rpc_svc.c.
    - CVE-2014-9422
  * SECURITY UPDATE: gssrpc data leakage
    - debian/patches/CVE-2014-9423.patch: fix leakage in
      src/lib/rpc/svc_auth_gss.c.
    - CVE-2014-9423
 -- Marc Deslauriers <email address hidden>   Fri, 06 Feb 2015 15:37:18 -0500
Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
krb5 (1.12.1+dfsg-17) unstable; urgency=high


  * MITKRB5-SA-2015-001
    - CVE-2014-5352: gss_process_context_token() incorrectly frees context
    - CVE-2014-9421: kadmind doubly frees partial deserialization results
    - CVE-2014-9422: kadmind incorrectly validates server principal name
    - CVE-2014-9423: libgssrpc server applications leak uninitialized bytes


 -- Sam Hartman <email address hidden>  Tue, 03 Feb 2015 10:29:35 -0500

Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
krb5 (1.12.1+dfsg-16) unstable; urgency=medium


  * Import upstream patches for CVE-2014-5353 and CVE-2014-5354,
    Closes: #773226, Closes: #773228

 -- Benjamin Kaduk <email address hidden>  Mon, 15 Dec 2014 16:18:26 -0500

Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
krb5 (1.12.1+dfsg-15) unstable; urgency=medium


  * Also apply slapd-before-kdc.conf to krb5-admin-server.service.d,
    Closes: #769710

 -- Benjamin Kaduk <email address hidden>  Fri, 21 Nov 2014 12:36:08 -0500

Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
krb5 (1.12.1+dfsg-14) unstable; urgency=medium


  * The upstream patch in 1.12.1+dfsg-13 was incomplete; pull in
    another upstream patch upon which it depended, to fix the
    kfreebsd build, Closes: #768379

 -- Benjamin Kaduk <email address hidden>  Fri, 07 Nov 2014 13:17:36 -0500

Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
krb5 (1.12.1+dfsg-13) unstable; urgency=medium


  * Remove the ExecReload line added in 1.12.1+dfsg-12; it is not
    a regression from the SysV init script and therefore not suitable
    for jessie post-freeze
  * Apply upstream patch to fix build on FreeBSD 10.1, Closes: #768379

 -- Benjamin Kaduk <email address hidden>  Thu, 06 Nov 2014 18:08:26 -0500

Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
krb5 (1.12.1+dfsg-11) unstable; urgency=medium


  * Provide systemd service units for krb5-kdc, Partially affects: #734161
  * Provide systemd overrides to start slapd first when krb5-kdc-ldap is
    installed, Thanks Michael Biebl, Closes: #758992
  * Provide kadmind service unit, Closes: #734161
  * Drop support for RUN_KADMIND in favor of update-rc.d disable
  * In krb5_newrealm, use service rather than calling init scripts directly

 -- Sam Hartman <email address hidden>  Mon, 20 Oct 2014 16:51:09 -0400

Superseded in trusty-updates
Deleted in trusty-proposed (Reason: moved to -updates)
krb5 (1.12+dfsg-2ubuntu5) trusty; urgency=low

  * Use ADD_METHOD_NOLOOP rather than ADD_METHOD for new GSS-API entry
    points, avoids infinite recursive loop when a mechanism doesn't
    provide an entry point and does include calls back into the mechglue
    (LP: #1326500)
  * Make libkadm5srv-mit8 be arch: any multi-arch: same to work around
    upgrade bug (LP: #1334052)
  * Use tailq macros to work around GCC 4.8 optimizer bug and prevent
    infinite loop for database propagation (LP: #1347147)
 -- Sam Hartman <email address hidden>   Wed, 30 Jul 2014 21:06:49 -0400
Superseded in vivid-release
Obsolete in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
krb5 (1.12.1+dfsg-10) unstable; urgency=medium


  * Import upstream's patch for CVE-2014-5351, Closes: #762479

 -- Benjamin Kaduk <email address hidden>  Mon, 22 Sep 2014 14:53:33 -0400

Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
krb5 (1.12.1+dfsg-7) unstable; urgency=high


  * Apply upstream's patch for CVE-2014-4345 (MITKRB5-SA-2014-001), buffer
    overrun in kadmind with LDAP backend, Closes: #757416

 -- Benjamin Kaduk <email address hidden>  Thu, 07 Aug 2014 18:33:37 -0400

Superseded in trusty-updates
Superseded in trusty-security
krb5 (1.12+dfsg-2ubuntu4.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via invalid tokens
    - debian/patches/CVE-2014-4341-4342.patch: handle invalid tokens in
      src/lib/gssapi/krb5/k5unseal.c, src/lib/gssapi/krb5/k5unsealiov.c.
    - CVE-2014-4341
    - CVE-2014-4342
  * SECURITY UPDATE: denial of service via double-free in SPNEGO
    - debian/patches/CVE-2014-4343.patch: fix double-free in
      src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2014-4343
  * SECURITY UPDATE: denial of service via null deref in SPNEGO acceptor
    - debian/patches/CVE-2014-4344.patch: validate REMAIN in
      src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2014-4344
  * SECURITY UPDATE: denial of service and possible code execution in
    kadmind with LDAP backend
    - debian/patches/CVE-2014-4345.patch: fix off-by-one in
      src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
    - CVE-2014-4345
 -- Marc Deslauriers <email address hidden>   Fri, 08 Aug 2014 14:58:49 -0400
Superseded in lucid-updates
Superseded in lucid-security
krb5 (1.8.1+dfsg-2ubuntu0.13) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service via malformed KRB5_PADATA_PK_AS_REQ
    AS-REQ request
    - src/plugins/preauth/pkinit/pkinit_crypto_openssl.c: don't dereference
      null pointer.
    - c773d3c775e9b2d88bcdff5f8a8ba88d7ec4e8ed
    - CVE-2013-1415
  * SECURITY UPDATE: denial of service via crafted TGS-REQ request
    - src/kdc/do_tgs_req.c: don't pass null pointer to strlcpy().
    - 8ee70ec63931d1e38567905387ab9b1d45734d81
    - CVE-2013-1416
  * SECURITY UPDATE: multi-realm denial of service via crafted request
    - src/kdc/main.c: don't dereference a null pointer.
    - c2ccf4197f697c4ff143b8a786acdd875e70a89d
    - CVE-2013-1418
    - CVE-2013-6800
  * SECURITY UPDATE: denial of service via invalid tokens
    - src/lib/gssapi/krb5/k5unseal.c, src/lib/gssapi/krb5/k5unsealiov.c:
      handle invalid tokens.
    - fb99962cbd063ac04c9a9d2cc7c75eab73f3533d
    - CVE-2014-4341
    - CVE-2014-4342
  * SECURITY UPDATE: denial of service via double-free in SPNEGO
    - src/lib/gssapi/spnego/spnego_mech.c: fix double-free.
    - f18ddf5d82de0ab7591a36e465bc24225776940f
    - CVE-2014-4343
  * SECURITY UPDATE: denial of service via null deref in SPNEGO acceptor
    - src/lib/gssapi/spnego/spnego_mech.c: validate REMAIN.
    - 524688ce87a15fc75f87efc8c039ba4c7d5c197b
    - CVE-2014-4344
  * SECURITY UPDATE: denial of service and possible code execution in
    kadmind with LDAP backend
    - src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c: fix off-by-one
    - 81c332e29f10887c6b9deb065f81ba259f4c7e03
    - CVE-2014-4345
 -- Marc Deslauriers <email address hidden>   Fri, 08 Aug 2014 15:03:17 -0400
Superseded in precise-updates
Superseded in precise-security
krb5 (1.10+dfsg~beta1-2ubuntu0.5) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted Draft 9 request
    - debian/patches/CVE-2012-1016.patch: don't check for an agility KDF
      identifier in src/plugins/preauth/pkinit/pkinit_srv.c.
    - CVE-2012-1016
  * SECURITY UPDATE: denial of service via malformed KRB5_PADATA_PK_AS_REQ
    AS-REQ request
    - debian/patches/CVE-2013-1415.patch: don't dereference null pointer
      in src/plugins/preauth/pkinit/pkinit_crypto_openssl.c.
    - CVE-2013-1415
  * SECURITY UPDATE: denial of service via crafted TGS-REQ request
    - debian/patches/CVE-2013-1416.patch: don't pass null pointer to
      strlcpy() in src/kdc/do_tgs_req.c.
    - CVE-2013-1416
  * SECURITY UPDATE: multi-realm denial of service via crafted request
    - debian/patches/CVE-2013-1418.patch: don't dereference a null
      pointer in src/kdc/main.c.
    - CVE-2013-1418
    - CVE-2013-6800
  * SECURITY UPDATE: denial of service via invalid tokens
    - debian/patches/CVE-2014-4341-4342.patch: handle invalid tokens in
      src/lib/gssapi/krb5/k5unseal.c, src/lib/gssapi/krb5/k5unsealiov.c.
    - CVE-2014-4341
    - CVE-2014-4342
  * SECURITY UPDATE: denial of service via double-free in SPNEGO
    - debian/patches/CVE-2014-4343.patch: fix double-free in
      src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2014-4343
  * SECURITY UPDATE: denial of service via null deref in SPNEGO acceptor
    - debian/patches/CVE-2014-4344.patch: validate REMAIN in
      src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2014-4344
  * SECURITY UPDATE: denial of service and possible code execution in
    kadmind with LDAP backend
    - debian/patches/CVE-2014-4345.patch: fix off-by-one in
      src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
    - CVE-2014-4345
 -- Marc Deslauriers <email address hidden>   Fri, 08 Aug 2014 15:02:11 -0400
Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
krb5 (1.12.1+dfsg-6) unstable; urgency=medium


  [ Benjamin Kaduk ]
  * Apply upstream's patch to switch to TAILQ macros instead of CIRCLEQ macros,
    to work around an issue with certain gcc versions.  This is expected to
    resolve Ubuntu bug (LP: #1347147).

  [ Sam Hartman ]
  * Include a quick and dirty patch so we build cleanly with -O3 fixing
    incorrect may be uninitialized warnings.

 -- Benjamin Kaduk <email address hidden>  Tue, 29 Jul 2014 17:05:37 -0400
Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
krb5 (1.12.1+dfsg-3ubuntu1) utopic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/rules: force -O2 to work around build failure with -O3
      on ppc64el (see
      https://pad.lv/ubuntu/+source/krb5/1.12+dfsg-2ubuntu1/+build/5600781)

Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
krb5 (1.12.1+dfsg-1ubuntu1) utopic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Add alternate dependency on libverto-libevent1 as that's the
      package ABI name in ubuntu.
    - debian/rules: force -O2 to work around build failure with -O3.
  * drop transitional libkadm5srv-mit8 package

Superseded in utopic-release
Published in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
krb5 (1.12+dfsg-2ubuntu4) trusty; urgency=low

  * Add transitional libkadm5srv-mit8 package to help libapt
    calculating the upgrade (LP: #1304403) to trusty.
    This transitional package can be dropped once trusty is
    released.
 -- Michael Vogt <email address hidden>   Wed, 09 Apr 2014 11:11:43 +0200
Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
krb5 (1.12+dfsg-2ubuntu3) trusty; urgency=medium

  * Add missing versioned Replaces: libkadm5srv-mit8 to the libkdb5-7 package.
    Fixes upgrades from trusty. (LP: #1304403)
 -- Martin Pitt <email address hidden>   Tue, 08 Apr 2014 18:04:14 +0200
Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
krb5 (1.12+dfsg-2ubuntu2) trusty; urgency=medium

  * debian/rules: force -O2 to work around build failure with -O3.
 -- Adam Conrad <email address hidden>   Mon, 17 Feb 2014 08:50:33 +0000
Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
krb5 (1.12+dfsg-2ubuntu1) trusty; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Add alternate dependency on libverto-libevent1 as that's the
      package ABI name in ubuntu.

Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
krb5 (1.11.3+dfsg-3ubuntu2) trusty; urgency=low

  * Add alternate dependency on libverto-libevent1 as that's the package
    ABI name in ubuntu.
 -- Dmitrijs Ledkovs <email address hidden>   Sun, 10 Nov 2013 02:20:12 +0000
Superseded in trusty-proposed
krb5 (1.11.3+dfsg-3ubuntu1) trusty; urgency=low

  * Add build dependency on python-lxml. Closes: #725596.

Superseded in trusty-proposed
krb5 (1.11.3+dfsg-3) unstable; urgency=low


  [ Benjamin Kaduk ]
  * Update config.sub and config.guess, patch from upstream, Closes: #717840
  * Update Brazilian Portuguese Translation, thanks Fernando Ike,
    Closes: #719726
  * Bump the version of the gssrpc_clnt_create symbol.  The routine itself
    was changed in a backwards-compatible way, but callers from the kadm5
    libraries were changed to rely on the new behavior, Closes: #718275
  * Add symbols files for the kadm5 libraries.  The KADM5 API version number
    was increased for the 1.11 release but the corresponding library sonames
    were not, so we must indicate the behavior change ourself, Closes: #716772

  [ Sam Hartman ]
  * krb5-kdc depends on libverto-libev1, work around for #652699
  * Remove krb5-kdc conflict since it's more than one release cycle old
  * Add Benjamin Kaduk to uploaders

 -- Sam Hartman <email address hidden>  Sun, 25 Aug 2013 16:48:53 -0400
Superseded in trusty-release
Obsolete in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
krb5 (1.10.1+dfsg-6.1ubuntu1) saucy; urgency=low

  * Update config.{guess,sub} for Aarch64.
 -- Matthias Klose <email address hidden>   Tue, 23 Jul 2013 22:15:04 +0200
Superseded in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
krb5 (1.10.1+dfsg-6.1) unstable; urgency=low


  * Non-maintainer upload.
  * debian/patches/texinfo-doc-fix.diff: Fix FTBFS due to texinfo changes,
    thanks to Gianluigi Tiesi <email address hidden> (Closes: #708711)

 -- Laurent Bigonville <email address hidden>  Fri, 05 Jul 2013 20:55:14 +0200

Superseded in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
krb5 (1.10.1+dfsg-6) unstable; urgency=high


  * Fix UDP ping-pong in kpasswd server [CVE-2002-2443], Closes: #708267

 -- Sam Hartman <email address hidden>  Tue, 14 May 2013 20:57:06 -0400

Superseded in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
krb5 (1.10.1+dfsg-5) unstable; urgency=high


  * Import workaround for getaddrinfo bug from upstream.  Described in
    upstream's RT 7124, Closes: #704647
  * Correct CVE number for CVE-2012-1016 in changelog and patches, Closes:
    #703457
  * Import upstream's fix for CVE-2013-1416, Closes: #704775

 -- Benjamin Kaduk <email address hidden>  Fri, 05 Apr 2013 14:36:50 -0400
Superseded in saucy-release
Obsolete in raring-release
Deleted in raring-proposed (Reason: moved to release)
krb5 (1.10.1+dfsg-4+nmu1) unstable; urgency=high


  * Non-maintainer upload by the Security Team.
  * Fix cve-2013-1016: null pointer dereference when handling a draft9 request
    (closes: #702633).

 -- Michael Gilbert <email address hidden>  Fri, 15 Mar 2013 04:15:27 +0000

Superseded in raring-release
Deleted in raring-proposed (Reason: moved to release)
krb5 (1.10.1+dfsg-4) unstable; urgency=high


  * KDC null pointer dereference with PKINIT, CVE-2013-1415

 -- Benjamin Kaduk <email address hidden>  Fri, 15 Feb 2013 16:07:53 -0500

Superseded in raring-release
Deleted in raring-proposed (Reason: moved to release)
krb5 (1.10.1+dfsg-3) unstable; urgency=low


  * Kadmind crash only triggered by admin users, cve-2012-1013, Closes:
    #687647
  * Don't unload GSS-API plugins to avoid crashing applications that use
    GSS-API on systems with plugins installed, Closes: #693741

 -- Sam Hartman <email address hidden>  Mon, 19 Nov 2012 17:35:04 -0500

Superseded in raring-release
Obsolete in quantal-release
krb5 (1.10.1+dfsg-2) unstable; urgency=high


  * MITKRB5-SA-2012-001 [CVE-2012-1014 CVE-2012-1015] KDC frees
    uninitialized pointers
  * Break libgssglue1 << 0.2-2 for multiarch, Closes: #680612
  * Don't free caller's principal in verify_init_creds, Closes: #512410

 -- Sam Hartman <email address hidden>  Tue, 31 Jul 2012 08:20:09 -0400

Superseded in precise-updates
Superseded in precise-security
krb5 (1.10+dfsg~beta1-2ubuntu0.3) precise-security; urgency=low

  * SECURITY UPDATE: KDC heap corruption and crash vulnerabilities
    - debian/patches/MITKRB5-SA-2012-001.patch: initialize pointers both
      at allocation and assignment time
    - CVE-2012-1015, CVE-2012-1014
  * SECURITY UPDATE: denial of service in kadmind (LP: #1009422)
    - debian/patches/krb5-CVE-2012-1013.patch: check for null password
    - CVE-2012-1013
  * SECURITY UPDATE: insufficient ACL checking on get_strings/set_string
    - debian/patches/krb5-CVE-2012-1012.patch: make the access
      controls for get_strings/set_string mirror those of
      get_principal/modify_principal
    - CVE-2012-1012
 -- Steve Beattie <email address hidden>   Thu, 26 Jul 2012 14:29:35 -0700
Superseded in lucid-updates
Superseded in lucid-security
krb5 (1.8.1+dfsg-2ubuntu0.11) lucid-security; urgency=low

  * SECURITY UPDATE: KDC heap corruption and crash vulnerabilities
    - src/kdc/kdc_preauth.c, src/kdc/kdc_util.c,
      src/lib/kdb/kdb_default.c: initialize pointers both at allocation
      and assignment time
    - CVE-2012-1015
  * SECURITY UPDATE: denial of service in kadmind (LP: #1009422)
    - src/lib/kadm5/srv/svr_principal.c: check for null password
    - CVE-2012-1013
 -- Steve Beattie <email address hidden>   Mon, 23 Jul 2012 22:16:20 -0700
Obsolete in natty-updates
Obsolete in natty-security
krb5 (1.8.3+dfsg-5ubuntu2.3) natty-security; urgency=low

  * SECURITY UPDATE: KDC heap corruption and crash vulnerabilities
    - src/kdc/kdc_preauth.c, src/kdc/kdc_util.c,
      src/lib/kdb/kdb_default.c: initialize pointers both at allocation
      and assignment time
    - CVE-2012-1015
  * SECURITY UPDATE: denial of service in kadmind (LP: #1009422)
    - src/lib/kadm5/srv/svr_principal.c: check for null password
    - CVE-2012-1013
 -- Steve Beattie <email address hidden>   Mon, 23 Jul 2012 22:15:03 -0700
Obsolete in oneiric-updates
Obsolete in oneiric-security
krb5 (1.9.1+dfsg-1ubuntu2.3) oneiric-security; urgency=low

  * SECURITY UPDATE: KDC heap corruption and crash vulnerabilities
    - src/kdc/kdc_preauth.c, src/kdc/kdc_util.c,
      src/lib/kdb/kdb_default.c: initialize pointers both at allocation
      and assignment time
    - CVE-2012-1015
  * SECURITY UPDATE: denial of service in kadmind (LP: #1009422)
    - src/lib/kadm5/srv/svr_principal.c: check for null password
    - CVE-2012-1013
 -- Steve Beattie <email address hidden>   Mon, 23 Jul 2012 22:14:04 -0700
Superseded in precise-updates
Deleted in precise-proposed (Reason: moved to -updates)
krb5 (1.10+dfsg~beta1-2ubuntu0.2) precise-proposed; urgency=low

  * Re-introduce libkrb53 as a transitional package to libkrb5-3.
    Also revert the Conflicts against libkrb53 to the old versioned
    Break/Replaces. (LP: #1007314)
 -- Stephane Graber <email address hidden>   Wed, 18 Jul 2012 17:41:48 -0400
Superseded in precise-updates
Deleted in precise-proposed (Reason: moved to -updates)
krb5 (1.10+dfsg~beta1-2ubuntu0.1) precise-proposed; urgency=low

  * debian/patches/preauth-context.patch: fix preauth context initialisation
    (LP: #988520).
 -- Robie Basak <email address hidden>   Tue, 15 May 2012 02:33:57 +0000
Superseded in quantal-release
krb5 (1.10.1+dfsg-1) unstable; urgency=low


  * New Upstream Version
    - Set display_name in gss_get_name_attribute, Closes: #658514
  * Fix use counts on preauthentication, Closes: #670457
  * Fix kadmin access controls, Closes: #670918
  * Accept NMU with longer hostname, Closes: #657027
  * Fix history from old databases, Closes: #660869
  * Fix gcc 4.6.2 may be used uninitialized warnings/errors, Closes: #672075
  * Check all keys in keytab for verifying credentials, Possibly fixes:
    #669127
  * Avoid multi-arch libpath in krb5-config, Closes: #642229
  * Debconf translations:
    - Turkish debconf Translation, Thanks Atila KOC, Closes: #659072
    - Polish, thanks Michal/ Kul/ach, Closes: #658437

 -- Sam Hartman <email address hidden>  Thu, 10 May 2012 16:32:13 -0400
Superseded in quantal-release
Published in precise-release
krb5 (1.10+dfsg~beta1-2) unstable; urgency=low


  * Oops, actually fix build flags, Closes: #655248

 -- Sam Hartman <email address hidden>  Fri, 13 Jan 2012 17:39:34 -0500
Superseded in precise-release
krb5 (1.10+dfsg~alpha2-1) unstable; urgency=low


  * New upstream Version

 -- Sam Hartman <email address hidden>  Tue, 27 Dec 2011 06:02:35 -0500
Superseded in precise-release
krb5 (1.10+dfsg~alpha1-6ubuntu1) precise; urgency=low

  * fix LP: #907227 - Drop Breaks on libsmbclient to 2:3.5.11~dfsg-4ubuntu3
    since that will be the version in Ubuntu which would be built against the
    version of libkrb5-3 with the private symbols
    (see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650541)
    - update debian/control
  * Mark Debian Vcs-* entries as XS-Debian-Vcs-*
    - update debian/control
 -- Micah Gersten <email address hidden>   Wed, 21 Dec 2011 03:50:56 -0600
Superseded in oneiric-updates
Superseded in oneiric-security
krb5 (1.9.1+dfsg-1ubuntu2.2) oneiric-security; urgency=low

  * SECURITY UPDATE: fix kdc denial of service issue:
    - src/kdc/do_tgs_req.c: check for NULL pointer after
      calling find_alternate_tgs()
    - src/kdc/Makefile.in, src/kdc/t_emptytgt.py: add testcase
    - applied inline
    - CVE-2011-1530, MITKRB5-SA-2011-007
 -- Steve Beattie <email address hidden>   Fri, 02 Dec 2011 11:01:02 -0800
Superseded in precise-release
krb5 (1.10+dfsg~alpha1-6) unstable; urgency=low


  * Fix segfault with unknown hostnames in krb5_sname_to_principal,
    Closes: #650671
  * Indicate that this library breaks libsmbclient versions that depend on
    krb5_locate_kdc, Closes: #650603, #650611

 -- Sam Hartman <email address hidden>  Thu, 01 Dec 2011 19:34:41 -0500
Superseded in precise-release
krb5 (1.9.1+dfsg-3ubuntu1) precise; urgency=low

  * Merge from Debian testing, remaining changes:
    - db2/lockout.c, ldap/libkdb_ldap/ldap_principal2.c,
      ldap/libkdb_ldap/lockout.c:
      + more strict checking for null pointers
      + disable assert and return when db is locked
      + applied inline
    - CVE-2011-1527, CVE-2011-1528, and CVE-2011-1529
  * Dropped changes, included in Debian:
    - Build for multiarch, with pre-depends on multi-arch support virtual package.
    - Add Breaks: on old versions of external packages (i.e., sssd) using
      /usr/lib/krb5 due to the path transition
    - src/lib/krb5/krb/get_creds.c: cherry pick an upstream fix to allow
      clients to work against older versions of KDCs that don't support the
      "canonicalize" option.
 -- Steve Langasek <email address hidden>   Sun, 13 Nov 2011 18:24:17 -0800
Superseded in oneiric-updates
Superseded in precise-release
Deleted in oneiric-proposed (Reason: moved to -updates)
krb5 (1.9.1+dfsg-1ubuntu2.1) oneiric-proposed; urgency=low

  * src/lib/krb5/krb/get_creds.c: cherry pick an upstream fix to allow
    clients to work against older versions of KDCs that don't support the
    "canonicalize" option.  LP: #874130.
 -- Steve Langasek <email address hidden>   Tue, 18 Oct 2011 18:40:10 -0700
Superseded in oneiric-proposed
krb5 (1.9.1+dfsg-1ubuntu2) oneiric-proposed; urgency=low

  * src/lib/krb5/krb/get_creds.c: cherry pick an upstream fix to allow
    clients to work against older versions of KDCs that don't support the
    "canonicalize" option.  LP: #874130.
 -- Steve Langasek <email address hidden>   Fri, 14 Oct 2011 15:00:48 -0700
Superseded in lucid-updates
Superseded in lucid-security
krb5 (1.8.1+dfsg-2ubuntu0.10) lucid-security; urgency=low

  * SECURITY UPDATE: fix multiple kdc DoS issues:
    - db2/lockout.c, ldap/libkdb_ldap/ldap_principal2.c,
      ldap/libkdb_ldap/lockout.c:
      + more strict checking for null pointers
      + disable assert and return when db is locked
      + applied inline from upstream
    - CVE-2011-1528 and CVE-2011-1529
    - MITKRB5-SA-2011-006
 -- Steve Beattie <email address hidden>   Tue, 11 Oct 2011 06:52:21 -0700
Obsolete in maverick-updates
Obsolete in maverick-security
krb5 (1.8.1+dfsg-5ubuntu0.8) maverick-security; urgency=low

  * SECURITY UPDATE: fix multiple kdc DoS issues:
    - db2/lockout.c, ldap/libkdb_ldap/ldap_principal2.c,
      ldap/libkdb_ldap/lockout.c:
      + more strict checking for null pointers
      + disable assert and return when db is locked
      + applied inline from upstream
    - CVE-2011-1528 and CVE-2011-1529
    - MITKRB5-SA-2011-006
 -- Steve Beattie <email address hidden>   Tue, 11 Oct 2011 06:52:39 -0700
Superseded in natty-updates
Superseded in natty-security
krb5 (1.8.3+dfsg-5ubuntu2.2) natty-security; urgency=low

  * SECURITY UPDATE: fix multiple kdc DoS issues:
    - db2/lockout.c, ldap/libkdb_ldap/ldap_principal2.c,
      ldap/libkdb_ldap/lockout.c:
      + more strict checking for null pointers
      + disable assert and return when db is locked
      + applied inline
    - CVE-2011-1528 and CVE-2011-1529
    - MITKRB5-SA-2011-006
 -- Steve Beattie <email address hidden>   Mon, 10 Oct 2011 15:23:12 -0700
Superseded in oneiric-updates
Superseded in oneiric-security
krb5 (1.9.1+dfsg-1ubuntu1.1) oneiric-security; urgency=low

  * SECURITY UPDATE: fix multiple kdc DoS issues:
    - db2/lockout.c, ldap/libkdb_ldap/ldap_principal2.c,
      ldap/libkdb_ldap/lockout.c:
      + more strict checking for null pointers
      + disable assert and return when db is locked
      + applied inline
    - CVE-2011-1527, CVE-2011-1528, and CVE-2011-1529
 -- Steve Beattie <email address hidden>   Mon, 10 Oct 2011 11:11:47 -0700
Superseded in precise-release
Obsolete in oneiric-release
krb5 (1.9.1+dfsg-1ubuntu1) oneiric; urgency=low

  * Merge from debian unstable.  Remaining changes:
    - Build for multiarch, with pre-depends on multi-arch support virtual package.
    - Add Breaks: on old versions of external packages (i.e., sssd) using
      /usr/lib/krb5 due to the path transition

Superseded in oneiric-release
krb5 (1.9+dfsg-1ubuntu1) oneiric; urgency=low

  * Merge from debian unstable.  Remaining changes:
    - Build for multiarch, with pre-depends on multi-arch support virtual package.
    - Add Breaks: on old versions of external packages (i.e., sssd) using
      /usr/lib/krb5 due to the path transition.

Obsolete in karmic-updates
Obsolete in karmic-security
krb5 (1.7dfsg~beta3-1ubuntu0.13) karmic-security; urgency=low

  * SECURITY UPDATE: kadmind denial of service from freeing of uninitialized
    pointer.
    - src/kadmin/server/{network,schpw}.c: fix, thanks to upstream.
    - CVE-2011-0285
    - MITKRB5-SA-2011-004
 -- Kees Cook <email address hidden>   Mon, 18 Apr 2011 15:40:41 -0700
Superseded in lucid-updates
Superseded in lucid-security
krb5 (1.8.1+dfsg-2ubuntu0.9) lucid-security; urgency=low

  * SECURITY UPDATE: kadmind denial of service from freeing of uninitialized
    pointer.
    - src/kadmin/server/{network,schpw}.c: fix, thanks to upstream.
    - CVE-2011-0285
    - MITKRB5-SA-2011-004
 -- Kees Cook <email address hidden>   Mon, 18 Apr 2011 15:40:24 -0700
Superseded in maverick-updates
Superseded in maverick-security
krb5 (1.8.1+dfsg-5ubuntu0.7) maverick-security; urgency=low

  * SECURITY UPDATE: kadmind denial of service from freeing of uninitialized
    pointer.
    - src/kadmin/server/{network,schpw}.c: fix, thanks to upstream.
    - CVE-2011-0285
    - MITKRB5-SA-2011-004
 -- Kees Cook <email address hidden>   Mon, 18 Apr 2011 15:40:00 -0700
Superseded in oneiric-release
Superseded in natty-updates
Superseded in natty-security
krb5 (1.8.3+dfsg-5ubuntu2.1) natty-security; urgency=low

  * SECURITY UPDATE: kadmind denial of service from freeing of uninitialized
    pointer.
    - src/kadmin/server/{network,schpw}.c: fix, thanks to upstream.
    - CVE-2011-0285
    - MITKRB5-SA-2011-004
 -- Kees Cook <email address hidden>   Mon, 18 Apr 2011 15:38:18 -0700
Superseded in oneiric-release
Obsolete in natty-release
krb5 (1.8.3+dfsg-5ubuntu2) natty; urgency=low

  * FFe LP: #733501
  * Build for multiarch, with pre-depends on multiarch-support virtual
    package.
  * Add Breaks: on old versions of external packages (i.e., sssd) using
    /usr/lib/krb5 due to the path transition.
 -- Steve Langasek <email address hidden>   Sat, 19 Mar 2011 04:15:00 -0700
Superseded in natty-release
krb5 (1.8.3+dfsg-5ubuntu1) natty; urgency=low

  * SECURITY UPDATE: kdc denial of service due to double-free if PKINIT
    capability is used.
    - src/kdc/do_as_req.c: clear fields on allocation; applied inline,
      thanks to upstream
    - CVE-2011-0284
    - MITKRB5-SA-2011-003
 -- Steve Beattie <email address hidden>   Tue, 15 Mar 2011 10:40:43 -0700
Superseded in natty-release
krb5 (1.8.3+dfsg-5) unstable; urgency=low

  * KDC/LDAP DOS (CVE-2010-4022, CVE-2011-0281, and CVE-2011-0282),
    Closes: #613487
  * Fix delegation of credentials against Windows servers; significant
    interoperability issue, Closes: #611906
  * Set nt-srv-inst on TGS names to work against W2K8R2 KDCs, Closes:
    #616429
  * Don't fail authentication when PAC verification fails; support hmac-
    md5 checksums even for non-RC4 keys, Closes: #616728
 -- Chuck Short <email address hidden>   Tue,  15 Mar 2011 11:21:57 +0000
Superseded in lucid-updates
Superseded in lucid-security
krb5 (1.8.1+dfsg-2ubuntu0.8) lucid-security; urgency=low

  * SECURITY UPDATE: kdc denial of service due to double-free if PKINIT
    capability is used.
    - src/kdc/do_as_req.c: clear fields on allocation; applied inline,
      thanks to upstream
    - CVE-2011-0284
    - MITKRB5-SA-2011-003
 -- Steve Beattie <email address hidden>   Mon, 14 Mar 2011 16:01:50 -0700
Superseded in maverick-updates
Superseded in maverick-security
krb5 (1.8.1+dfsg-5ubuntu0.6) maverick-security; urgency=low

  * SECURITY UPDATE: kdc denial of service due to double-free if PKINIT
    capability is used.
    - src/kdc/do_as_req.c: clear fields on allocation; applied inline,
      thanks to upstream
    - CVE-2011-0284
    - MITKRB5-SA-2011-003
 -- Steve Beattie <email address hidden>   Mon, 14 Mar 2011 15:46:36 -0700
Superseded in karmic-updates
Superseded in karmic-security
krb5 (1.7dfsg~beta3-1ubuntu0.12) karmic-security; urgency=low

  * SECURITY UPDATE: kdc denial of service due to double-free if PKINIT
    capability is used.
    - src/kdc/do_as_req.c: clear fields on allocation; applied inline,
      thanks to upstream
    - CVE-2011-0284
    - MITKRB5-SA-2011-003
 -- Steve Beattie <email address hidden>   Mon, 14 Mar 2011 15:38:57 -0700