Control: tags -1 + upstream fixed-upstream
Control: forwarded -1 https://github.com/krb5/krb5/pull/543
Thanks; upstream has merged a documentation fix based on your pull
request.
Benjamin Kaduk writes:
> I filed https://github.com/krb5/krb5/pull/543 with some text for this (as
> well as some ot
tags 477297 fixed-upstream
tags 479405 fixed-upstream
thanks
Upstream added a feature to bind specific listening addresses for
krb5kdc and kadmind, in the master branch. This will be in the upcoming
krb5-1.15 release.
fixed 480517 krb5/1.11.1+dfsg-1
thanks
Upstream fixed this as part of the documentation consolidation in
release krb5-1.11.
tags 766364 fixed-upstream
forwarded 766364 http://krbdev.mit.edu/rt/Ticket/Display.html?id=7553
fixed 766364 krb5/1.11.1+dfsg-1
thanks
Upstream fixed this in release krb5-1.11 (and back ported to
krb5-1.10.4). Also, the krb5-1.10 series is now in oldstable rather
than stable.
affects 707195 - src:krb5
affects 707195 - krb5
thanks
Upstream krb5 uses Sphinx instead of texinfo for documentation now.
tags 480542 fixed-upstream
fixed 480542 krb5/1.13.1+dfsg-1
thanks
Upstream fixed this in release krb5-1.13. Package maintainers, please
verify this and close the bug.
tags 278271 fixed-upstream
forwarded 278271 http://krbdev.mit.edu/rt/Ticket/Display.html?id=7840
fixed 278271 1.13
thanks
Upstream fixed this in release krb5-1.13 by deleting send-pr. Package
maintainers, please verify this and close this bug.
@@
+cyrus-imapd-2.4 (2.4.12-2tlyu1) precise; urgency=low
+
+ * Fix race in imtest
+
+ -- Tom Yu Fri, 09 May 2014 18:01:30 -0400
+
cyrus-imapd-2.4 (2.4.12-2) unstable; urgency=low
* Add versioned conflicts with *-2.2 (Closes: 644503)
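Review bot: the new changelog entry "Fix race in imtest" does not say which file under debian/patches carries the fix or which bug it addresses, while the entry below it uses the "(Closes: ...)" form. Suggest naming the added patch file and the symptom in the entry so the change can be traced from the changelog alone.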
diff -Nru cyrus-imapd-2.4-2.4.12/debian/patches/90
Package: cyrus-clients-2.4
Version: 2.4.12-2
Tags: upstream
When using imtest with an SSL connection ("imtest -s ...") against an
Exchange IMAP server, long responses from the server sometimes cause
the program to hang after only partially printing the response, often
before printing a newline. T
Florian Weimer writes:
> * Tom Yu:
>
>> Some limited testing indicates that when the packet storm is confined
>> to a single host, legitimate kpasswd and kadm5 requests can still get
>> through, and the CPU usage pegs at about 70%. I haven't tested with
>>
Sam Hartman writes:
> I assume this goes back to squeeze as well.
The bug is as old as the file it's in.
> Shouldn't the severity be higher? This seems probably worth a DSA
> because such ping-pong attacks can really be bad for a network/server.
> Or am I missing mitigations?
> I'd be happy to
Sam Hartman writes:
> My recommendation is that this is not worth a DSA or stable fix for
> squeeze unless some Debian user comes forward and says that they're
> seeing crashes in the wild related to this.
>
> --Sam
Keep in mind that unmodified client software can trivially trigger
this vulnerab
severity 697662 important
thanks
The reverse DNS issue causes serious problems in deployments where
administrators might not have tight control over reverse DNS
information. Experience has shown that this type of hard-to-debug DNS
interaction leads to a lot of frustration and wasted time.
Also,
Package: krb5-user
Version: 1.10+dfsg~beta1-2
Tags: l10n fixed-upstream
Control: found -1 krb5/1.10+dfsg~alpha1-4
Debian changes introduced in 1.10+dfsg~alpha1-4 (#138430) cause klist
to fall back inappropriately to a European date order display when
LANG=en_US.UTF-8, causing some confusion to US
forwarded 658514
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7087&user=guest&pass=guest
thanks
Bug report is now in the upstream bug tracker.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Package: krb5-kdc
Version: 1.8.1+dfsg
This is also Ubuntu bug 801718.
https://bugs.launchpad.net/bugs/801718
A Debian patch that introduces IPv6 support for kpropd unconditionally
calls getaddrinfo() on KPROP_SERVICE instead of the port passed in by
the user with the '-P' option. This prevents a
tags 561176 + upstream fixed-upstream
forwarded 561176 http://krbdev.mit.edu/rt/Ticket/Display.html?id=6596
thanks
Yes, as far as I can tell, this was fixed by the fix for
CVE-2011-0281. Confirmation would be appreciated if you have access
to the environment that produces the leak. I also correc
forwarded 622681 http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899
severity 622681 important
reassign 622681 krb5-admin-server
merge 622681 621726
thanks
Merging duplicate; the vulnerability was initially reported to Debian.
tags 621726 + fixed-upstream
thanks
Fix committed upstream and advisory published.
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt
forwarded 604925
http://krbdev.mit.edu/rt/Ticket/Display.html?id=6839&user=guest&pass=guest
tags 604925 + confirmed upstream fixed-upstream
thanks
I committed a slightly different fix that avoids breaking the
krb5_pac_verify() API.
http://src.mit.edu/fisheye/changelog/krb5/?cs=24564
Sam Hartman writes:
> This patch looks reasonable. I have not confirmed that successfully
> makes the PAC disappear, but if you've examined the logic there I'm
> happy to assume it does.
On the other hand, we do appear to expose the krb5_pac_verify()
interface that is called by the static authd
Sam Hartman writes:
> Hi. At today's release meeting, MIT indicated that they are going to
> set up an OSX X test environment to reproduce this problem. They will
> also look into whether we can ignore the PAC and remove it from the
> authdata if it fails to verify rather than failing the authe
retitle 577490 CVE-2010-1320 double free in KDC caused by ticket renewal
forwarded 577490 http://krbdev.mit.edu/rt/Ticket/Display.html?id=6702
tags 577490 + fixed-upstream
thanks
Upstream bug #6702 CVE-2010-1230 KDC double free caused by ticket
renewal (MITKRB5-SA-2010-004)
tags 577490 security
thanks
upstream advisory is pending
CVE-2010-1320
CVSSv2 vector AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C
Tom Yu writes:
> tags 567052 security
> thanks
>
>
> upstream advisory is pending
>
> CVE-2010-1320
>
> CVSSv2 vector AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C
Please ignore the previous; it was meant for 577490.
tags 567052 security
thanks
upstream advisory is pending
CVE-2010-1320
CVSSv2 vector AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C
retitle 567052 kadmind segfault
forwarded 567052 http://krbdev.mit.edu/rt/Ticket/Display.html?id=5998
tags 567052 fixed-upstream
thanks
[If someone with more Debian clue could chase down what package
version contains the fix and could update the bug with a "fixed"
version accordingly, I would grea
severity 421187 important
tags 421187 fixed-upstream
thanks
I have observed that the krb5 package has difficulty fully running its
test suite (repeatably stalls in several places) without the patch I
provided. Sam Hartman confirms this behavior. I suggest that this
merits raising the severity.
y; urgency=low
+
+ * Upstream patch to handle empty writes.
+
+ -- Tom Yu Wed, 17 Jun 2009 14:20:08 -0400
+
expect (5.43.0-17) unstable; urgency=low
* Reordering removal of config.guess and config.sub in clean target
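Review bot: the added changelog line "Upstream patch to handle empty writes." calls the patch upstream but gives no pointer to the upstream change or to a bug number. Suggest adding that reference to the entry so the origin of the patch can be checked later.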
diff -u expect-5.43.0/debian/patches/00list expect-5.43.0/debian/