Hi, I've uploaded an nmu fixing these 3 issues to delayed/3. Please see attached patch.
Best wishes, Mike
diff -Nru krb5-1.11.3+dfsg/debian/changelog krb5-1.11.3+dfsg/debian/changelog --- krb5-1.11.3+dfsg/debian/changelog 2013-08-25 21:10:56.000000000 +0000 +++ krb5-1.11.3+dfsg/debian/changelog 2013-11-30 08:17:56.000000000 +0000 @@ -1,3 +1,12 @@ +krb5 (1.11.3+dfsg-3+nmu1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Add python-lxml build dependency (closes: #725596). + * Fix cve-2013-1417: KDC daemon crash condition (closes: #730085). + * Fix cve-2013-1418: KDC null pointer dereference issue (closes: #728845). + + -- Michael Gilbert <mgilb...@debian.org> Sat, 16 Nov 2013 23:40:00 +0000 + krb5 (1.11.3+dfsg-3) unstable; urgency=low [ Benjamin Kaduk ] diff -Nru krb5-1.11.3+dfsg/debian/control krb5-1.11.3+dfsg/debian/control --- krb5-1.11.3+dfsg/debian/control 2013-08-25 21:10:56.000000000 +0000 +++ krb5-1.11.3+dfsg/debian/control 2013-11-30 08:11:52.000000000 +0000 @@ -5,7 +5,7 @@ comerr-dev, docbook-to-man, doxygen, libkeyutils-dev [linux-any], libldap2-dev, libncurses5-dev, libssl-dev, ss-dev, - libverto-dev, pkg-config + libverto-dev, pkg-config, python-lxml, build-depends-indep: python-cheetah, python-sphinx, doxygen-latex Standards-Version: 3.9.4 Maintainer: Sam Hartman <hartm...@debian.org> diff -Nru krb5-1.11.3+dfsg/debian/patches/cve-2013-1417.patch krb5-1.11.3+dfsg/debian/patches/cve-2013-1417.patch --- krb5-1.11.3+dfsg/debian/patches/cve-2013-1417.patch 1970-01-01 00:00:00.000000000 +0000 +++ krb5-1.11.3+dfsg/debian/patches/cve-2013-1417.patch 2013-11-30 08:17:37.000000000 +0000 
@@ -0,0 +1,22 @@
+origin: https://github.com/krb5/krb5/commit/4c023ba43c16396f0d199e2df1cfa59b88b62acc
+
+--- krb5-1.11.3+dfsg.orig/src/kdc/do_tgs_req.c
++++ krb5-1.11.3+dfsg/src/kdc/do_tgs_req.c
+@@ -1057,6 +1057,8 @@ find_alternate_tgs(kdc_realm_t *kdc_acti
+ goto cleanup;
+ }
+ cleanup:
++ if (retval == 0 && server_ptr == NULL)
++ retval = KRB5_KDB_NOENTRY;
+ if (retval != 0)
+ *status = "UNKNOWN_SERVER";
+
+@@ -1149,7 +1151,7 @@ find_referral_tgs(kdc_realm_t *kdc_activ
+ goto cleanup;
+ }
+ /* Don't return a referral to the empty realm or the service realm. */
+- if (realms == NULL || realms[0] == '\0' ||
++ if (realms == NULL || realms[0] == NULL || *realms[0] == '\0' ||
+ data_eq_string(srealm, realms[0])) {
+ retval = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+ goto cleanup;
diff -Nru krb5-1.11.3+dfsg/debian/patches/cve-2013-1418.patch krb5-1.11.3+dfsg/debian/patches/cve-2013-1418.patch
--- krb5-1.11.3+dfsg/debian/patches/cve-2013-1418.patch 1970-01-01 00:00:00.000000000 +0000
+++ krb5-1.11.3+dfsg/debian/patches/cve-2013-1418.patch 2013-11-30 08:11:52.000000000 +0000
@@ -0,0 +1,15 @@
+origin: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757
+author: Tom Yu <t...@mit.edu>
+
+--- krb5-1.11.3+dfsg.orig/src/kdc/main.c
++++ krb5-1.11.3+dfsg/src/kdc/main.c
+@@ -125,6 +125,9 @@ setup_server_realm(struct server_handle
+ int kdc_numrealms = handle->kdc_numrealms;
+
+ kret = 0;
++ if (sprinc == NULL)
++ return NULL;
++
+ if (kdc_numrealms > 1) {
+ if (!(newrealm = find_realm_data(handle, sprinc->realm.data,
+ (krb5_ui_4) sprinc->realm.length)))
diff -Nru krb5-1.11.3+dfsg/debian/patches/series krb5-1.11.3+dfsg/debian/patches/series
--- krb5-1.11.3+dfsg/debian/patches/series 2013-08-25 21:10:56.000000000 +0000
+++ krb5-1.11.3+dfsg/debian/patches/series 2013-11-30 08:16:33.000000000 +0000
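Review bot: The guard added at the `cleanup:` label of find_alternate_tgs tests `server_ptr == NULL`, which reads as a check of the output argument itself rather than of the entry it is meant to receive. The declaration of `server_ptr` is outside the hunk, so this is hedged: if it is an out-parameter that callers always pass non-NULL, the condition can never be true, and a lookup that ends without a match would still return 0 with no entry, which is the case these lines are meant to turn into `KRB5_KDB_NOENTRY`. In that case the line should read `if (retval == 0 && *server_ptr == NULL)`; it is worth confirming against the full function before the upload leaves the delayed queue. The function body starts and ends outside the hunk.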
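Review bot: The new `if (sprinc == NULL) return NULL;` in setup_server_realm sits before the `kdc_numrealms > 1` test, so it also changes the single-realm path, where the visible lines do not dereference `sprinc`. The else branch and the callers are outside the hunk, so it cannot be confirmed from here that every caller treats a NULL return as a rejected request rather than using the result. A one-line comment above the guard would record the intent, e.g. `/* No server principal in the request: fail here instead of dereferencing sprinc below. */`. The patch header carries only `origin:` and `author:`; a short description line naming the crash condition would help whoever audits this NMU later.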
@@ -8,3 +8,5 @@
 upstream/0008-Don-t-warn-or-error-on-variadic-macros.patch
 0009-autoreconf.patch
 upstream/0010-Update-config.guess-and-config.sub.patch
+cve-2013-1418.patch
+cve-2013-1417.patch