Ubuntu
krb5 package

Change logs for krb5 source package in Warty

Warty (4.10)
Change log

krb5 (1.3.4-3ubuntu0.2) warty-security; urgency=low


  * SECURITY UPDATE: Multiple buffer overflows.
  * Fix buffer overflow in env_opt_add() in telnet clients. [CVE-2005-0468]
  * Fix buffer overflow in in the handling of the LINEMODE suboptions in
    telnet clients. [CVE-2005-0469]
  * Fix double free in krb5_recvauth(). [CVE-2005-1689]
  * krb5_unparse_name overflows allocated storage by one byte on 0 element
    principal name. [CVE-2005-1175, VU#885830] 
  * Do not free unallocated storage in the KDC's TCP  request handling
    path. [CVE-2005-1174, VU#259798]

 -- Martin Pitt <email address hidden>  Mon,  5 Dec 2005 16:06:37 +0000

krb5 (1.3.4-3) unstable; urgency=high


  * Initial Czech translations thanks to  Miroslav Kure, Closes: #264366
  * Updated French debconf translation, thanks Martin Quinson, Closes: #264941
  * KDC and clients double-free on error conditions (CAN-2004-0642  VU#795632)
  *krb5_rd_cred() double-frees on error conditions(CAN-2004-0643 , CERT
    VU#866472 ) 
  * ASN.1 decoder in MIT Kerberos 5 releases krb5-1.3.4 and
    earlier allows unauthenticated remote attackers to induce
    infinite loop, causing denial of service, including in KDC
    code  (CAN-2004-0644 , CERT VU#550464)
  * Fix double free in krb524d  handling of encrypted ticket contents
    (CAN-2004-0772)  

 -- Sam Hartman <email address hidden>  Tue, 31 Aug 2004 13:04:51 -0400

Ubuntukrb5 package

Change logs for krb5 source package in Warty

Ubuntu
krb5 package