[Bug 60998] Please sync 1.4.3-9 (main) from snapshot.d.o (main)
Martin Pitt
martin.pitt at ubuntu.com
Mon Sep 18 05:56:06 BST 2006
Public bug reported:
Please sync krb5 to Edgy to fix two security vulnerabilities (fixed in
stables long ago, but forgot sync request for edgy):
http://snapshot.debian.net/archive/2006/08/09/debian/pool/main/k/krb5/krb5_1.4.3-9.dsc
http://snapshot.debian.net/archive/2006/08/09/debian/pool/main/k/krb5/krb5_1.4.3-9.diff.gz
krb5 (1.4.3-9) unstable; urgency=high
* Add error checking to setuid, setreuid to avoid local privilege
escalation ; fixes krb5-sa-2006-1, CVE-2006-3084, CVE-2006-3083
* Update standards version to 3.7.2 (no changes required).
* Translation updates.
- Russian, thanks Yuri Kozlov. (Closes: #380303)
-- Sam Hartman <hartmans at debian.org> Sun, 6 Aug 2006 17:12:40 -0400
krb5 (1.4.3-8) unstable; urgency=low
* Defer seeding of the random number generator in kadmind until after
forking and backgrounding, since otherwise blocking on /dev/random may
block system startup. (Closes: #364308)
* Update config.{guess,sub}. (Closes: #373727)
* Better fix for error handling of a zero-length keytab. Thanks,
Rainer Weikusat.
-- Russ Allbery <rra at debian.org> Sun, 16 Jul 2006 08:59:20 -0700
** Affects: krb5 (Ubuntu)
Importance: Untriaged
Status: Unconfirmed
--
Please sync 1.4.3-9 (main) from snapshot.d.o (main)
https://launchpad.net/bugs/60998
More information about the ubuntu-archive
mailing list