Debian Bug report logs -
#683429
CVE-2012-1014/CVE-2012-1015: KDC heap corruption and crash vulnerabilities
Reported by: Henri Salo <henri@nerv.fi>
Date: Tue, 31 Jul 2012 18:45:02 UTC
Severity: important
Tags: security
Found in version 1.8.3+dfsg-4squeeze5
Fixed in versions krb5/1.8.3+dfsg-4squeeze6, 1.10.1+dfsg-2
Done: Yves-Alexis Perez <corsac@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>:
Bug#683429; Package krb5.
(Tue, 31 Jul 2012 18:45:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Henri Salo <henri@nerv.fi>:
New Bug report received and forwarded. Copy sent to Sam Hartman <hartmans@debian.org>.
(Tue, 31 Jul 2012 18:45:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: krb5
Version: 1.8.3+dfsg-4squeeze5
Severity: important
Tags: security
Original report in here: http://seclists.org/bugtraq/2012/Jul/171
I haven't verified this manually in Debian-packages. Please ask if you need me to do it, thanks.
-- System Information:
Debian Release: 6.0.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.4.1 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Reply sent
to Sam Hartman <hartmans@debian.org>:
You have taken responsibility.
(Tue, 31 Jul 2012 19:39:07 GMT) (full text, mbox, link).
Notification sent
to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer.
(Tue, 31 Jul 2012 19:39:07 GMT) (full text, mbox, link).
Message #10 received at 683429-done@bugs.debian.org (full text, mbox, reply):
source: krb5
source-version: 1.8.3+dfsg-4squeeze6
I expect the security team will be issuing a DSA within a couple of
days.
Also, for unstable, fixed in 1.10.1+dfsg-2
The uploads happened before you opened the bug so they are not reflected
in the changelog.
Note that squeeze is vulnerable only to one of the two CVEs.
Reply sent
to Yves-Alexis Perez <corsac@debian.org>:
You have taken responsibility.
(Tue, 31 Jul 2012 20:03:08 GMT) (full text, mbox, link).
Notification sent
to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer.
(Tue, 31 Jul 2012 20:03:08 GMT) (full text, mbox, link).
Message #15 received at 683429-done@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Version: 1.10.1+dfsg-2
--
Yves-Alexis
[signature.asc (application/pgp-signature, inline)]
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Fri, 31 Aug 2012 07:27:38 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 14:05:22 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon