Debian Bug report logs - #670918
CVE-2012-1012
Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>
Date: Mon, 30 Apr 2012 12:33:27 UTC
Severity: normal
Tags: security
Found in version 1.10+dfsg~beta1-2
Fixed in version krb5/1.10.1+dfsg-1
Done: Sam Hartman <hartmans@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Sam Hartman <hartmans@debian.org>: Bug#670918; Package krb5. (Mon, 30 Apr 2012 12:33:30 GMT)
Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>: New Bug report received and forwarded. Copy sent to team@security.debian.org, Sam Hartman <hartmans@debian.org>. (Mon, 30 Apr 2012 12:33:35 GMT)
Message #5 received at submit@bugs.debian.org:
Package: krb5
Severity: grave
Tags: security
Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1012 for details
Squeeze is not affected.
Cheers,
Moritz
Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hartman <hartmans@debian.org>: Bug#670918; Package krb5. (Mon, 30 Apr 2012 13:27:06 GMT)
Acknowledgement sent to Julien Cristau <jcristau@debian.org>: Extra info received and forwarded to list. Copy sent to Sam Hartman <hartmans@debian.org>. (Mon, 30 Apr 2012 13:27:07 GMT)
Message #10 received at 670918@bugs.debian.org:
found 670918 1.10+dfsg~beta1-2
kthxbye
On Mon, Apr 30, 2012 at 14:31:05 +0200, Moritz Muehlenhoff wrote:
> Package: krb5
> Severity: grave
> Tags: security
>
> Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1012 for details
>
> Squeeze is not affected.
>
Then maybe use a Version pseudo header to let the BTS know?
Cheers,
Julien
Marked as found in versions 1.10+dfsg~beta1-2. Request was from Julien Cristau <jcristau@debian.org> to control@bugs.debian.org. (Mon, 30 Apr 2012 13:27:08 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org: Bug#670918; Package krb5. (Wed, 09 May 2012 00:51:05 GMT)
Acknowledgement sent to Sam Hartman <hartmans@debian.org>: Extra info received and forwarded to list. (Wed, 09 May 2012 00:51:06 GMT)
Message #17 received at 670918@bugs.debian.org:
severity 670918 normal
thanks
>>>>> "Moritz" == Moritz Muehlenhoff <muehlenhoff@univention.de> writes:
Moritz> Package: krb5 Severity: grave Tags: security
Moritz> Please see
Moritz> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1012
Moritz> for details
I agree that Debian has the bug, but as Redhat points out there's not a
security impact unless you're using string attributes, which the core
code (and that in Debian) doesn't use.
So, I think this is not RC.
Severity set to 'normal' from 'grave'. Request was from Sam Hartman <hartmans@debian.org> to control@bugs.debian.org. (Wed, 09 May 2012 00:51:15 GMT)
Added tag(s) pending. Request was from Sam Hartman <hartmans@debian.org> to control@bugs.debian.org. (Wed, 09 May 2012 01:51:05 GMT)
Reply sent to Sam Hartman <hartmans@debian.org>: You have taken responsibility. (Thu, 10 May 2012 22:12:27 GMT)
Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>: Bug acknowledged by developer. (Thu, 10 May 2012 22:12:27 GMT)
Message #26 received at 670918-close@bugs.debian.org:
Source: krb5
Source-Version: 1.10.1+dfsg-1
We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive:
krb5-admin-server_1.10.1+dfsg-1_amd64.deb
to main/k/krb5/krb5-admin-server_1.10.1+dfsg-1_amd64.deb
krb5-doc_1.10.1+dfsg-1_all.deb
to main/k/krb5/krb5-doc_1.10.1+dfsg-1_all.deb
krb5-gss-samples_1.10.1+dfsg-1_amd64.deb
to main/k/krb5/krb5-gss-samples_1.10.1+dfsg-1_amd64.deb
krb5-kdc-ldap_1.10.1+dfsg-1_amd64.deb
to main/k/krb5/krb5-kdc-ldap_1.10.1+dfsg-1_amd64.deb
krb5-kdc_1.10.1+dfsg-1_amd64.deb
to main/k/krb5/krb5-kdc_1.10.1+dfsg-1_amd64.deb
krb5-locales_1.10.1+dfsg-1_all.deb
to main/k/krb5/krb5-locales_1.10.1+dfsg-1_all.deb
krb5-multidev_1.10.1+dfsg-1_amd64.deb
to main/k/krb5/krb5-multidev_1.10.1+dfsg-1_amd64.deb
krb5-pkinit_1.10.1+dfsg-1_amd64.deb
to main/k/krb5/krb5-pkinit_1.10.1+dfsg-1_amd64.deb
krb5-user_1.10.1+dfsg-1_amd64.deb
to main/k/krb5/krb5-user_1.10.1+dfsg-1_amd64.deb
krb5_1.10.1+dfsg-1.debian.tar.gz
to main/k/krb5/krb5_1.10.1+dfsg-1.debian.tar.gz
krb5_1.10.1+dfsg-1.dsc
to main/k/krb5/krb5_1.10.1+dfsg-1.dsc
krb5_1.10.1+dfsg.orig.tar.gz
to main/k/krb5/krb5_1.10.1+dfsg.orig.tar.gz
libgssapi-krb5-2_1.10.1+dfsg-1_amd64.deb
to main/k/krb5/libgssapi-krb5-2_1.10.1+dfsg-1_amd64.deb
libgssrpc4_1.10.1+dfsg-1_amd64.deb
to main/k/krb5/libgssrpc4_1.10.1+dfsg-1_amd64.deb
libk5crypto3_1.10.1+dfsg-1_amd64.deb
to main/k/krb5/libk5crypto3_1.10.1+dfsg-1_amd64.deb
libkadm5clnt-mit8_1.10.1+dfsg-1_amd64.deb
to main/k/krb5/libkadm5clnt-mit8_1.10.1+dfsg-1_amd64.deb
libkadm5srv-mit8_1.10.1+dfsg-1_amd64.deb
to main/k/krb5/libkadm5srv-mit8_1.10.1+dfsg-1_amd64.deb
libkdb5-6_1.10.1+dfsg-1_amd64.deb
to main/k/krb5/libkdb5-6_1.10.1+dfsg-1_amd64.deb
libkrb5-3_1.10.1+dfsg-1_amd64.deb
to main/k/krb5/libkrb5-3_1.10.1+dfsg-1_amd64.deb
libkrb5-dbg_1.10.1+dfsg-1_amd64.deb
to main/k/krb5/libkrb5-dbg_1.10.1+dfsg-1_amd64.deb
libkrb5-dev_1.10.1+dfsg-1_amd64.deb
to main/k/krb5/libkrb5-dev_1.10.1+dfsg-1_amd64.deb
libkrb5support0_1.10.1+dfsg-1_amd64.deb
to main/k/krb5/libkrb5support0_1.10.1+dfsg-1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 670918@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sam Hartman <hartmans@debian.org> (supplier of updated krb5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 10 May 2012 16:32:13 -0400
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit8 libkadm5clnt-mit8 libk5crypto3 libkdb5-6 libkrb5support0 krb5-gss-samples krb5-locales
Architecture: source all amd64
Version: 1.10.1+dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Sam Hartman <hartmans@debian.org>
Description:
krb5-admin-server - MIT Kerberos master server (kadmind)
krb5-doc - Documentation for MIT Kerberos
krb5-gss-samples - MIT Kerberos GSS Sample applications
krb5-kdc - MIT Kerberos key server (KDC)
krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
krb5-locales - Internationalization support for MIT Kerberos
krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
krb5-pkinit - PKINIT plugin for MIT Kerberos
krb5-user - Basic programs to authenticate using MIT Kerberos
libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
libkadm5clnt-mit8 - MIT Kerberos runtime libraries - Administration Clients
libkadm5srv-mit8 - MIT Kerberos runtime libraries - KDC and Admin Server
libkdb5-6 - MIT Kerberos runtime libraries - Kerberos database
libkrb5-3 - MIT Kerberos runtime libraries
libkrb5-dbg - Debugging files for MIT Kerberos
libkrb5-dev - Headers and development libraries for MIT Kerberos
libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 642229 657027 658437 658514 659072 660869 670457 670918 672075
Changes:
krb5 (1.10.1+dfsg-1) unstable; urgency=low
.
* New Upstream Version
- Set display_name in gss_get_name_attribute, Closes: #658514
* Fix use counts on preauthentication, Closes: #670457
* Fix kadmin access controls, Closes: #670918
* Accept NMU with longer hostname, Closes: #657027
* Fix history from old databases, Closes: #660869
* Fix gcc 4.6.2 may be used uninitialized warnings/errors, Closes: #672075
* Check all keys in keytab for verifying credentials, Possibly fixes:
#669127
* Avoid multi-arch libpath in krb5-config, Closes: #642229
* Debconf translations:
- Turkish debconf Translation, Thanks Atila KOC, Closes: #659072
- Polish, thanks Michal/ Kul/ach, Closes: #658437
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk+sOOkACgkQ/I12czyGJg8CkgCgkgtbMUyn0jux6pb/PtcdceKD
270An2ZQgIz1bjvdLxUc2JZutIZTJ61Q
=bXYH
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 18 Jun 2012 07:36:19 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified: Wed Jun 19 14:28:04 2019