Your message dated Wed, 17 Nov 2021 04:48:33 +0000
with message-id <e1mncs5-0009dx...@fasolo.debian.org>
and subject line Bug#996586: fixed in heimdal 7.7.0+dfsg-3
has caused the Debian Bug report #996586,
regarding heimdal: CVE-2021-3671
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
996586: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996586
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: heimdal
Version: 7.7.0+dfsg-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 7.5.0+dfsg-3

Hi,

The following vulnerability was published for heimdal.

CVE-2021-3671[0]:
| A null pointer de-reference was found in the way samba kerberos server
| handled missing sname in TGS-REQ (Ticket Granting Server - Request).
| An authenticated user could use this flaw to crash the samba server.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3671
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671
[1] https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
[2] https://github.com/heimdal/heimdal/commit/773802aecfb4b6a73817fa522faeb55b2a7cdb2a

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: heimdal
Source-Version: 7.7.0+dfsg-3
Done: Brian May <b...@debian.org>

We believe that the bug you reported is fixed in the latest version of
heimdal, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 996...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Brian May <b...@debian.org> (supplier of updated heimdal package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 17 Nov 2021 12:12:45 +1100
Source: heimdal
Architecture: source
Version: 7.7.0+dfsg-3
Distribution: unstable
Urgency: high
Maintainer: Brian May <b...@debian.org>
Changed-By: Brian May <b...@debian.org>
Closes: 996586
Changes:
 heimdal (7.7.0+dfsg-3) unstable; urgency=high
 .
   * Fix CVE-2021-3671: A null pointer de-reference was found in the way
     samba kerberos server handled missing sname in TGS-REQ. Closes: #996586.
   * Fix autoconf 2.7 issues.


--- End Message ---
