Your message dated Thu, 17 Nov 2022 18:34:37 +0000
with message-id <e1ovjif-00a7g6...@fasolo.debian.org>
and subject line Bug#1024267: fixed in krb5 1.20.1-1
has caused the Debian Bug report #1024267,
regarding krb5: CVE-2022-42898: integer overflows in PAC parsing
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1024267: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: krb5
Version: 1.20-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 1.18.3-6+deb11u2
Control: found -1 1.18.3-6
Control: found -1 1.8+dfsg-1
Hi,
The following vulnerability was published for krb5.
CVE-2022-42898[0]:
| integer overflows in PAC parsing
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-42898
https://www.cve.org/CVERecord?id=CVE-2022-42898
[1] https://github.com/krb5/krb5/commit/b99de751dd35360c0fccac74a40f4a60dbf1ceea
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: krb5
Source-Version: 1.20.1-1
Done: Sam Hartman <hartm...@debian.org>
We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1024...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sam Hartman <hartm...@debian.org> (supplier of updated krb5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
Format: 1.8
Date: Thu, 17 Nov 2022 10:34:28 -0700
Source: krb5
Architecture: source
Version: 1.20.1-1
Distribution: unstable
Urgency: high
Maintainer: Sam Hartman <hartm...@debian.org>
Changed-By: Sam Hartman <hartm...@debian.org>
Closes: 1005821 1020424 1024267
Changes:
krb5 (1.20.1-1) unstable; urgency=high
.
[ Bastian Germann ]
* Sync debian/copyright with NOTICE from upstream
.
[ Debian Janitor ]
* Trim trailing whitespace.
* Strip unusual field spacing from debian/control.
* Use secure URI in Homepage field.
* Merge upstream signing key files.
* Update renamed lintian tag names in lintian overrides.
* Update standards version to 4.6.1, no changes needed.
* Remove field Section on binary package krb5-gss-samples that
duplicates source.
* Fix field name cases in debian/control (VCS-Browser => Vcs-Browser,
VCS-Git => Vcs-Git).
.
[ Sam Hartman ]
* New upstream release
- Integer overflows in PAC parsing; potentially critical for 32-bit
KDCs or when cross-realm acts maliciously; DoS in other conditions;
CVE-2022-42898, Closes: #1024267
* Tighten version dependencies around crypto library, Closes: 1020424
* krb5-user Recommends rather than Depends on krb5-config. This avoids
a hard dependency on bind9-host, but also supports cases where
krb5-config is externally managed, Closes: #1005821
Checksums-Sha1:
Checksums-Sha256:
Files:
--- End Message ---