Hi everyone,

we have performed additional tests that led to the conclusion that this
bug did already exist in 3.16.0-5-amd64, but not in 3.16.0-4-amd64.
Given that, it must have been some change in 3.16.51-3+deb8u1, of which
there luckily are only a few.
I hope it's not fallout from the KPTI patch, so the only other thing that
seems relevant (since we're using Kerberos) would be:

>  * KEYS: add missing permission check for request_key() destination
>    (CVE-2017-17807)

Does that seem valid?

Regards,
-- 
Moritz Schlarb
Unix-Gruppe | Systembetreuung
Zentrum für Datenverarbeitung
Johannes Gutenberg-Universität Mainz
Raum 01-331 - Tel. +49 6131 39-29441
OpenPGP Fingerprint: DF01 2247 BFC6
5501 AFF2 8445 0C24 B841 C7DD BAAF
