Changelog
krb5 (1.6.dfsg.1-3) unstable; urgency=low
* Upstream bug #5552: krb5_get_init_creds needs to not dereference
gic_opts if it is null. Instead, assume that it is default options,
Closes: #422687
krb5 (1.6.dfsg.1-2) unstable; urgency=low
* Fix shlibdeps to reflect 1.6.dfsg.1 instead of 1.6.1
* Upload 1.6 to unstable
krb5 (1.6.dfsg.1-1) experimental; urgency=low
* Oops, I failed to understand how the version numbers work. Since 1.6.1 is less than 1.6.dfsg, the version numbering is going to be a bit screwy for the 1.6 series. We will use 1.6.dfsg.1 for 1.6.1.
* Update to update-inetd dependency, Closes: #420748
krb5 (1.6.1.dfsg-1) experimental; urgency=low
* Depend on keyutils-lib-dev so we consistently get keyring cache support
* New Portuguese translation, thanks Miguel Figueiredo , Closes: #409318
* New Upstream release
- Update shlibs for new API
* Fix handling of null realm in krb5_rd_req_decoded; now we treat a null realm as a default realm there.
krb5 (1.6.dfsg-1) experimental; urgency=low
* New 1.6 release from upstream.
* Update copyright
krb5 (1.6.dfsg~alpha1-1) experimental; urgency=low
* New upstream release
* Remove IETF RFCs, Closes: #393380
* Update copyright file based on new copyrights upstearm
krb5 (1.4.4-8) unstable; urgency=emergency
* MIT-SA-2007-1: telnet allows login as an arbitrary user when
presented with a specially crafted username; CVE-2007-0956
* krb5_klog_syslog has a trivial buffer overflow that can be exploited
by network data; CVE-2007-0957. The upstream patch is very intrusive
because it fixes each call to syslog to have proper length checking as
well as the actual krb5_klog_syslog internals to use vsnprintf rather
than vsprintf. I have chosen to only include the change to
krb5_klog_syslog for sarge. This is sufficient to fix the problem but
is much smaller and less intrusive. (MIT-SA-2007-2)
* MIT-SA-2007-3: The GSS-API library can cause a double free if
applications treat certain errors decoding a message as errors that
require freeing the output buffer. At least the gssapi rpc library
does this, so kadmind is vulnerable. Fix the gssapi library because
the spec allows applications to treat errors this way. CVE-2007-1216
* New Japanese translation, thanks TANAKA Atushi, Closes: #414382
krb5 (1.4.4-7) unstable; urgency=low
* Translation updates:
- New Portuguese translation, thanks Rui Branco. (Closes: #409318)
krb5 (1.4.4-6) unstable; urgency=emergency
* MIT-SA-2006-2: kadmind and rpc library call through function pointer
to freed memory (CVE-2006-6143). Null out xp_auth unless it is
associated with an rpcsec_gss connection.
-- Kees Cook <email address hidden> Wed, 09 May 2007 14:18:37 +0100