Your message dated Sat, 15 Jul 2017 11:06:31 +0000
with message-id <e1dwku7-0009yi...@fasolo.debian.org>
and subject line Bug#868208: fixed in heimdal 7.4.0.dfsg.1-1
has caused the Debian Bug report #868208,
regarding CVE-2017-11103: MitM attack, impersonation of the Kerberos client,
known as Orpheus Lyre
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
868208: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868208
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: heimdal
Severity: grave
Tags: security patch
Version: 1.6~git20120403+dfsg1-2
Hi,
the following vulnerability was published for heimdal.
CVE-2017-11103[0]: MitM attack, impersonation of the Kerberos client, known as
Orpheus Lyre
A dedicated website is here:
https://orpheus-lyre.info/
The heimdal patch is here:
https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea
All Debian releases are affected (from wheezy to sid).
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-11103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103
Please adjust the affected versions in the BTS as needed.
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
--- End Message ---
--- Begin Message ---
Source: heimdal
Source-Version: 7.4.0.dfsg.1-1
We believe that the bug you reported is fixed in the latest version of
heimdal, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 868...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Brian May <b...@debian.org> (supplier of updated heimdal package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 15 Jul 2017 19:47:32 +1000
Source: heimdal
Binary: heimdal-docs heimdal-kdc heimdal-multidev heimdal-dev heimdal-clients
heimdal-kcm heimdal-servers heimdal-dbg libheimbase1-heimdal libasn1-8-heimdal
libkrb5-26-heimdal libhdb9-heimdal libkadm5srv8-heimdal libkadm5clnt7-heimdal
libgssapi3-heimdal libkafs0-heimdal libroken18-heimdal libotp0-heimdal
libsl0-heimdal libkdc2-heimdal libhx509-5-heimdal libheimntlm0-heimdal
libwind0-heimdal libhcrypto4-heimdal
Architecture: source i386 all
Version: 7.4.0.dfsg.1-1
Distribution: unstable
Urgency: high
Maintainer: Brian May <b...@debian.org>
Changed-By: Brian May <b...@debian.org>
Description:
heimdal-clients - Heimdal Kerberos - clients
heimdal-dbg - Heimdal Kerberos - debugging symbols
heimdal-dev - Heimdal Kerberos - development files
heimdal-docs - Heimdal Kerberos - documentation
heimdal-kcm - Heimdal Kerberos - KCM daemon
heimdal-kdc - Heimdal Kerberos - key distribution center (KDC)
heimdal-multidev - Heimdal Kerberos - Multi-implementation Development
heimdal-servers - Heimdal Kerberos - server programs
libasn1-8-heimdal - Heimdal Kerberos - ASN.1 library
libgssapi3-heimdal - Heimdal Kerberos - GSSAPI support library
libhcrypto4-heimdal - Heimdal Kerberos - crypto library
libhdb9-heimdal - Heimdal Kerberos - kadmin server library
libheimbase1-heimdal - Heimdal Kerberos - Base library
libheimntlm0-heimdal - Heimdal Kerberos - NTLM support library
libhx509-5-heimdal - Heimdal Kerberos - X509 support library
libkadm5clnt7-heimdal - Heimdal Kerberos - kadmin client library
libkadm5srv8-heimdal - Libraries for Heimdal Kerberos
libkafs0-heimdal - Heimdal Kerberos - KAFS support library
libkdc2-heimdal - Heimdal Kerberos - KDC support library
libkrb5-26-heimdal - Heimdal Kerberos - libraries
libotp0-heimdal - Heimdal Kerberos - OTP support library
libroken18-heimdal - Heimdal Kerberos - roken support library
libsl0-heimdal - Heimdal Kerberos - SL support library
libwind0-heimdal - Heimdal Kerberos - stringprep implementation
Closes: 868208
Changes:
heimdal (7.4.0.dfsg.1-1) unstable; urgency=high
.
* New upstream version.
* Update standards version to 4.0.0.
* CVE-2017-11103: Fix Orpheus' Lyre KDC-REP service name validation.
(Closes: #868208).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---