Change logs for krb5 source package in Breezy

  • krb5 (1.3.6-4ubuntu0.2) breezy-security; urgency=low
    
      * SECURITY UPDATE: arbitrary login via telnet, arbitrary code execution
        via syslog buffer overflows, and heap corruption via GSS API.
      * src/appl/telnet/telnetd/{state,sys_term}.c: MIT-SA-2007-1 fix from
        upstream (CVE-2007-0956).
      * src/lib/kadm5/logger.c: MIT-SA-2007-2 fix from Debian, based on
        upstream fixes (CVE-2007-0957).
      * src/lib/gssapi/krb5/k5unseal.c: MIT-SA-2007-3 fix from upstream
        (CVE-2007-1216).
      * References
        http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-001-telnetd.txt
        http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt
        http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-003.txt
    
     -- Kees Cook <email address hidden>   Tue,  3 Apr 2007 15:53:47 -0700
  • krb5 (1.3.6-4ubuntu0.1) breezy-security; urgency=low
    
      * SECURITY UPDATE: root privilege escalation in systems which restrict the
        number of per-user processes.
      * Added: debian/patch.setuid_fixes
        - verify return from setuid family of calls.
        - applied patch inline (debian/rules does not apply patches automatically)
      * CVE-2006-3083, CVE-2006-3084
    
     -- Kees Cook <email address hidden>   Thu, 10 Aug 2006 19:26:05 -0700
  • krb5 (1.3.6-4) unstable; urgency=high
    
    
      * Fix a mistake in variable names that caused the package to be built
        without optimization.
      * Allow whitespace before comments in krb5.conf.  Thanks, Jeremie
        Koenig.  (Closes: #314609)
      * GCC 4.0 compile fixes, thanks Daniel Schepler.  (Closes: #315618)
      * Avoid "say yes" in debconf templates.  (Closes: #306883)
      * Update Czech translation, thanks Miroslav Kure.
      * Update French translation, thanks Christian Perrier.  (Closes: #307748)
      * Update Portuguese (Brazil) translation, thanks André Luís Lopes.
      * New Vietnamese translation, thanks Clytie Siddall.  (Closes: #312172)
      * Update standards version to 3.6.2 (no changes required).
      * DAK can now handle not repeating maintainers in uploaders.
      * Fix double free in krb5_recvauth; critical because it is in the code
        path for kpropd and may allow arbitrary code
        execution. (CAN-2005-1689)
      * For the record, most of the changes in this version were made by Russ,
        but I'm doing the upload because of the security fix.
      * krb5_unparse_name overflows allocated storage by one byte on 0 element
        principal name (CAN-2005-1175, VU#885830)
      * Do not free unallocated storage in the KDC's TCP request handling
        path (CAN-2005-1174, VU#259798)
    
     -- Sam Hartman <email address hidden>  Tue, 12 Jul 2005 15:45:14 -0400