[ubuntu/questing-proposed] krb5 1.21.3-5ubuntu1 (Accepted)
Andreas Hasenack
andreas at canonical.com
Fri Jul 25 17:59:16 UTC 2025
krb5 (1.21.3-5ubuntu1) questing; urgency=medium

  * Merge with Debian unstable (LP: #2110460). Remaining changes:
    - SECURITY UPDATE: Use of MD5-based message authentication over plaintext
      communications could lead to forgery attacks.
      + debian/patches/CVE-2024-3596.patch: Secure Response Authentication
        by adding support for the Message-Authenticator attribute in non-EAP
        authentication methods.
      + CVE-2024-3596
    - Update libk5crypto3 symbols: add k5_hmac_md5 symbol.
    - SECURITY UPDATE: denial of service via two memory leaks
      + debian/patches/CVE-2024-26458.patch: fix two unlikely memory leaks in
        src/lib/gssapi/krb5/k5sealv3.c, src/lib/rpc/pmap_rmt.c.
      + CVE-2024-26458
      + CVE-2024-26461
  * Dropped:
    - SECURITY UPDATE: kadmind DoS via iprop log file
      + debian/patches/CVE-2025-24528.patch: prevent overflow when
        calculating ulog block size in src/lib/kdb/kdb_log.c.
      + CVE-2025-24528
      [In 1.21.3-5]

krb5 (1.21.3-5) unstable; urgency=medium

  * Non-maintainer upload with maintainer agreement.
  * Fix CVE-2025-24528: Prevent overflow when calculating
    ulog block size (Closes: #1094730)

Date: Tue, 22 Jul 2025 15:48:33 -0300
Changed-By: Andreas Hasenack <andreas at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/krb5/1.21.3-5ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 22 Jul 2025 15:48:33 -0300
Source: krb5
Built-For-Profiles: noudeb
Architecture: source
Version: 1.21.3-5ubuntu1
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Hasenack <andreas at canonical.com>
Closes: 1094730
Launchpad-Bugs-Fixed: 2110460
Original-Maintainer: Sam Hartman <hartmans at debian.org>
Vcs-Git: https://git.launchpad.net/~ahasenack/ubuntu/+source/krb5
Vcs-Git-Commit: 9135c4ddaf41d43d915d6d8fbaceec1754fd4ef9
Vcs-Git-Ref: refs/heads/questing-krb5-merge-1