CVE-2014-4343 in krb5: double-free in SPNEGO initiators

Debian Bug report logs - #755520
CVE-2014-4343 in krb5: double-free in SPNEGO initiators

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Benjamin Kaduk <kaduk@MIT.EDU>

To: submit@bugs.debian.org

Subject: CVE-2014-4343 in krb5: double-free in SPNEGO initiators

Date: Mon, 21 Jul 2014 13:13:27 -0400 (EDT)

Package: libgssapi-krb5-2
Version: 1.10.1+dfsg-5+deb7u1

Upstream has committed a fix for CVE-2014-4343 to their git repo; we 
should take it as well, and probably push it back into the -security repos 
for stable.

It's a double-free in clients, but not the default configuration.

I should be able to get the patch into git later today.

Sam, are you going to be too busy with IETF to do the upload?

-Ben

Message #10 received at submit@bugs.debian.org (full text, mbox, reply):

From: Sam Hartman <hartmans@debian.org>

To: Benjamin Kaduk <kaduk@MIT.EDU>

Cc: 755520@bugs.debian.org, submit@bugs.debian.org

Subject: Re: Bug#755520: CVE-2014-4343 in krb5: double-free in SPNEGO initiators

Date: Mon, 21 Jul 2014 13:23:09 -0400

I'm not at ietf this week.
If you corner me on Jabber I'm happy to coordinate on an unstable
upload.

If you get a go ahead from security for any of this I'm happy to help
with a stable upload

Message #24 received at 755520-close@bugs.debian.org (full text, mbox, reply):

From: Benjamin Kaduk <kaduk@mit.edu>

To: 755520-close@bugs.debian.org

Subject: Bug#755520: fixed in krb5 1.12.1+dfsg-5

Date: Wed, 23 Jul 2014 21:44:25 +0000

Source: krb5
Source-Version: 1.12.1+dfsg-5

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 755520@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Benjamin Kaduk <kaduk@mit.edu> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 21 Jul 2014 17:27:10 -0400
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-otp krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit9 libkadm5clnt-mit9 libk5crypto3 libkdb5-7 libkrb5support0 libkrad0 krb5-gss-samples krb5-locales libkrad-dev
Architecture: source all amd64
Version: 1.12.1+dfsg-5
Distribution: unstable
Urgency: high
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Benjamin Kaduk <kaduk@mit.edu>
Description: 
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - Documentation for MIT Kerberos
 krb5-gss-samples - MIT Kerberos GSS Sample applications
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-locales - Internationalization support for MIT Kerberos
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-otp   - OTP plugin for MIT Kerberos
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit9 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit9 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-7  - MIT Kerberos runtime libraries - Kerberos database
 libkrad-dev - MIT Kerberos RADIUS Library Development
 libkrad0   - MIT Kerberos runtime libraries - RADIUS library
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 755520 755521
Changes: 
 krb5 (1.12.1+dfsg-5) unstable; urgency=high
 .
   * Apply upstream patches for CVE-2014-4343, CVE-2014-4344, Closes: #755520,
     Closes: #755521
Checksums-Sha1: 
 89f7cfbaf8685961ccc8e5bd2963d8bfdd12abc7 2487 krb5_1.12.1+dfsg-5.dsc
 b1f66d54437d64e44bb0b7a18bd4508f37874b47 97832 krb5_1.12.1+dfsg-5.debian.tar.xz
 8838b1cdfa90266f7ca043b008b1e24b2edbcabd 4690996 krb5-doc_1.12.1+dfsg-5_all.deb
 c3ac0e538b4ae9de2b05b3de313a204be9a849a1 2647766 krb5-locales_1.12.1+dfsg-5_all.deb
 cd1bbee6982eab680443c3c6416299850be60361 135066 krb5-user_1.12.1+dfsg-5_amd64.deb
 cac96c8876e4f8c0e1b6e3caef81b7a92e919e70 205434 krb5-kdc_1.12.1+dfsg-5_amd64.deb
 058c6ee455b77b74a92111711b2d723ef563fa4b 108880 krb5-kdc-ldap_1.12.1+dfsg-5_amd64.deb
 5134cd9fd80cc76153a8fb01f4c76a78c0559ac5 113592 krb5-admin-server_1.12.1+dfsg-5_amd64.deb
 fd1abd00bb710b86ff429c728908498bf2433090 140486 krb5-multidev_1.12.1+dfsg-5_amd64.deb
 8b58990306648d55210b07d7eb72618e8dc25a2d 43876 libkrb5-dev_1.12.1+dfsg-5_amd64.deb
 d4b5bf86f5430da915726916ff775c1102750a9d 1406456 libkrb5-dbg_1.12.1+dfsg-5_amd64.deb
 9f5edfd91413c20f40b6e32fbf93df19e6fc6c0f 81438 krb5-pkinit_1.12.1+dfsg-5_amd64.deb
 346a462580fd1f57438f161e81c821322f5334f7 46392 krb5-otp_1.12.1+dfsg-5_amd64.deb
 c4ae7857889d79c9ceb2f875f51602162a59899d 297986 libkrb5-3_1.12.1+dfsg-5_amd64.deb
 9e6bc7f852f72b58dd629c10357ba3c3aa02bcbf 146966 libgssapi-krb5-2_1.12.1+dfsg-5_amd64.deb
 8b2cd105a01515884f6c6ad1dcf6fb8be34b40aa 84208 libgssrpc4_1.12.1+dfsg-5_amd64.deb
 655ab67e1a0c4c900c998c28158e1162289216e9 80608 libkadm5srv-mit9_1.12.1+dfsg-5_amd64.deb
 a598e94a5ba0eb666e62929bdd4fb33f44ba9d56 66100 libkadm5clnt-mit9_1.12.1+dfsg-5_amd64.deb
 b0341124416fedb9009c71ab8c8e0a848e7774d2 111288 libk5crypto3_1.12.1+dfsg-5_amd64.deb
 bdfea2b399395386c312e23024cee5be517b613e 66162 libkdb5-7_1.12.1+dfsg-5_amd64.deb
 8defdd2a50ca7e8c6aa850b53475abf4d1fb6225 57038 libkrb5support0_1.12.1+dfsg-5_amd64.deb
 90b6373723b1378b64920822384387af0bf046c2 50854 libkrad0_1.12.1+dfsg-5_amd64.deb
 33aef4f2b9818dcab54fa1ad5aeaf0be50b291d2 54212 krb5-gss-samples_1.12.1+dfsg-5_amd64.deb
 1aa67fd5a346b6d96131c53edc3be1d0edb4f41f 41312 libkrad-dev_1.12.1+dfsg-5_amd64.deb
Checksums-Sha256: 
 e4b252243f433fe76eef4422dc73b2cda1e0ca2b1a315730b2d435b4bf1a44f9 2487 krb5_1.12.1+dfsg-5.dsc
 05b49bfc68aad38f4aae335f12252eccb2eda1dd86b52215636cafd1116f4de5 97832 krb5_1.12.1+dfsg-5.debian.tar.xz
 933c3220819d2fd8cd803ba6d7e5492c2ceee74c61f3f41dde83fae3b6f186a0 4690996 krb5-doc_1.12.1+dfsg-5_all.deb
 58fc3dd95c963052b152e24f802c319759407a672c37312947bc0bd0a4971440 2647766 krb5-locales_1.12.1+dfsg-5_all.deb
 9eee2efceaf76b1f2ef371d74f684e301d15e83abe047309d35c78b45cc29756 135066 krb5-user_1.12.1+dfsg-5_amd64.deb
 1c55b929808a4cb7f2d7cdf8c9e52f77a8165ee240786aea95cc60fafedba289 205434 krb5-kdc_1.12.1+dfsg-5_amd64.deb
 b629eff3670490a90be3e3e048874dafe745c948d5d2abbcd09531f48551f378 108880 krb5-kdc-ldap_1.12.1+dfsg-5_amd64.deb
 fe4b47e7f24ddb3e40198eba50ee83e5587544b723d0ed84da95db7608aab49f 113592 krb5-admin-server_1.12.1+dfsg-5_amd64.deb
 5f609eeea7b74f127d16285c7b84038aeee6a6115404727fafb3ce8340235c99 140486 krb5-multidev_1.12.1+dfsg-5_amd64.deb
 e360f052dcbdbdb46057e5960a970057b01798fdbd63b3603de7c695d227d6d8 43876 libkrb5-dev_1.12.1+dfsg-5_amd64.deb
 e94aeb9e9245b6459fae727cb45078c4b1de2b64a71d10752cb60b92060bf15e 1406456 libkrb5-dbg_1.12.1+dfsg-5_amd64.deb
 a8342ac3513aba750012b9ae9cbb1dd8f9ee5fa1318a5a6445701024b5039e67 81438 krb5-pkinit_1.12.1+dfsg-5_amd64.deb
 c522d11d573a4a63ce1d20bee08e99e710144a4fd9d871b0ee484dc6d66da58e 46392 krb5-otp_1.12.1+dfsg-5_amd64.deb
 3bdbc39bce8e96b394c39230be5068235704a55b2bc8d65db2006c8bfc1b61a6 297986 libkrb5-3_1.12.1+dfsg-5_amd64.deb
 455f8f420bb23bb1e6a04b7941e893b1b84576542ffd20e0ca8b58c374505e86 146966 libgssapi-krb5-2_1.12.1+dfsg-5_amd64.deb
 07592fd9a501af3f607b8a5d8ef6fdaa9f0ae3b44bbfa6eb11b720ea91ddf760 84208 libgssrpc4_1.12.1+dfsg-5_amd64.deb
 8f09c09277026b16682020a89e83cab0c0c5436f5dc45005766658d07141f7a4 80608 libkadm5srv-mit9_1.12.1+dfsg-5_amd64.deb
 a8faedd13161f5b8861b430d3ef463de878f6174dd146ed0e653f4a216dba7cd 66100 libkadm5clnt-mit9_1.12.1+dfsg-5_amd64.deb
 5bbc624fc070e11ec16c2538a823bea27aef6ba78a9d44aa288656450d44f624 111288 libk5crypto3_1.12.1+dfsg-5_amd64.deb
 ba494439caaff3df85eaea0bf92cace5ef1bc0fd127d79077ff6861c451ceef2 66162 libkdb5-7_1.12.1+dfsg-5_amd64.deb
 16419bc9fbe176ba1d14ecb5ab6271b6ba4a5834e176446932b7e2e423d48857 57038 libkrb5support0_1.12.1+dfsg-5_amd64.deb
 8df9b618552225a6944bb87c50add2a9e7ccf45d3472b8300e9be55dcac68ced 50854 libkrad0_1.12.1+dfsg-5_amd64.deb
 434bba659b965879d7bb47aabc320480d76ad70288eb6da51d3e1bdc6d82b5d1 54212 krb5-gss-samples_1.12.1+dfsg-5_amd64.deb
 a3e3242501eb4e03cd5f6829ccf02e159fd246ac19c24658f2a1fe9800c2e51c 41312 libkrad-dev_1.12.1+dfsg-5_amd64.deb
Files: 
 2febda4e016dfba6d42a5d593d07f01a 2487 net standard krb5_1.12.1+dfsg-5.dsc
 9bd87a3ae1553ffa40578abff535cc56 97832 net standard krb5_1.12.1+dfsg-5.debian.tar.xz
 f6e0ce2a9ca805f049cec6a97ab47357 4690996 doc optional krb5-doc_1.12.1+dfsg-5_all.deb
 61520c33453c0097db793526b10d809b 2647766 localization standard krb5-locales_1.12.1+dfsg-5_all.deb
 bc76b645bd80c096c1eecc67530e0541 135066 net optional krb5-user_1.12.1+dfsg-5_amd64.deb
 c21a132931aa599b7ae4bfe43c415b5a 205434 net optional krb5-kdc_1.12.1+dfsg-5_amd64.deb
 2d4f9627b47647c7177c64b9fe851b13 108880 net extra krb5-kdc-ldap_1.12.1+dfsg-5_amd64.deb
 3cd77b6bde9c6ac0e7f061d645a7473c 113592 net optional krb5-admin-server_1.12.1+dfsg-5_amd64.deb
 5dd726eaa60e0c8ee2c423800fd061a1 140486 libdevel optional krb5-multidev_1.12.1+dfsg-5_amd64.deb
 7db558ad5e519772f7ae5e13ce1dfa41 43876 libdevel extra libkrb5-dev_1.12.1+dfsg-5_amd64.deb
 34e756b45f85af5c3ca05610546342c0 1406456 debug extra libkrb5-dbg_1.12.1+dfsg-5_amd64.deb
 7eda40a95a09208e5c36c4246867c122 81438 net extra krb5-pkinit_1.12.1+dfsg-5_amd64.deb
 4ea603a838db5c25145a8e7c26f7230c 46392 net extra krb5-otp_1.12.1+dfsg-5_amd64.deb
 1a4a0fedb73a7495b6a972d9fa69aeae 297986 libs standard libkrb5-3_1.12.1+dfsg-5_amd64.deb
 dbbc04dec8c7db279951c69e79d5d2e7 146966 libs standard libgssapi-krb5-2_1.12.1+dfsg-5_amd64.deb
 d3c247c6599de309d2c20fcdd60baf0e 84208 libs standard libgssrpc4_1.12.1+dfsg-5_amd64.deb
 11476e54fcdeef700e976494d4362719 80608 libs standard libkadm5srv-mit9_1.12.1+dfsg-5_amd64.deb
 c21064ec32820215408da2db622f60d4 66100 libs standard libkadm5clnt-mit9_1.12.1+dfsg-5_amd64.deb
 de019aeffebc7927ef7dc1788c94de8b 111288 libs standard libk5crypto3_1.12.1+dfsg-5_amd64.deb
 99ca223d91e3d58c024d0fcc79b40d5a 66162 libs standard libkdb5-7_1.12.1+dfsg-5_amd64.deb
 42a691df1d43c1afbbf696fba68ee35a 57038 libs standard libkrb5support0_1.12.1+dfsg-5_amd64.deb
 70bfa3a1bfc6a638f102ecd69af00e76 50854 libs standard libkrad0_1.12.1+dfsg-5_amd64.deb
 7b9996a30fdff0847dfbf2329820556b 54212 net extra krb5-gss-samples_1.12.1+dfsg-5_amd64.deb
 45d2a29baf8a6f2c1b99da34ea2902d1 41312 libdevel extra libkrad-dev_1.12.1+dfsg-5_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlPQCdwACgkQ/I12czyGJg+rgACfQB2lUq1VSYMR3yqXfTMbTYEx
/bEAn15BUgKjQS3zJT3/7C3gQMfqExCK
=D3A8
-----END PGP SIGNATURE-----

Message #29 received at 755520-close@bugs.debian.org (full text, mbox, reply):

From: Benjamin Kaduk <kaduk@mit.edu>

To: 755520-close@bugs.debian.org

Subject: Bug#755520: fixed in krb5 1.10.1+dfsg-5+deb7u2

Date: Tue, 12 Aug 2014 22:07:00 +0000

Source: krb5
Source-Version: 1.10.1+dfsg-5+deb7u2

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 755520@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Benjamin Kaduk <kaduk@mit.edu> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 08 Aug 2014 12:12:09 -0400
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit8 libkadm5clnt-mit8 libk5crypto3 libkdb5-6 libkrb5support0 krb5-gss-samples krb5-locales
Architecture: source all amd64
Version: 1.10.1+dfsg-5+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Benjamin Kaduk <kaduk@mit.edu>
Description: 
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - Documentation for MIT Kerberos
 krb5-gss-samples - MIT Kerberos GSS Sample applications
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-locales - Internationalization support for MIT Kerberos
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit8 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit8 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-6  - MIT Kerberos runtime libraries - Kerberos database
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 753624 753625 755520 755521 757416
Changes: 
 krb5 (1.10.1+dfsg-5+deb7u2) stable-security; urgency=high
 .
   * Apply upstream patches for several issues:
     - CVE-2014-4341: denial of service due to improper GSSAPI message
       validation, Closes: #753624
     - CVE-2014-4342: denial of service due to improper GSSAPI message
       validation, Closes: #753625
     - CVE-2014-4343: double-free in SPNEGO initiator during renegotiation,
       Closes: #755520
     - CVE-2014-4344: NULL dereference in SPNEGO acceptor, Closes: #755521
     - CVE-2014-4345 [MITKRB5-SA-2014-001]: buffer overrun in kadmind with
       LDAP backend, Closes: #757416
Checksums-Sha1: 
 f527ead4f657368dac61fd1d85c9d3cdb58af549 2298 krb5_1.10.1+dfsg-5+deb7u2.dsc
 9a793ea3e2f67c0206a41bb376d90cc4209835c9 138587 krb5_1.10.1+dfsg-5+deb7u2.debian.tar.gz
 5ca44472ca56debafd4106a4347e3a76bc229e14 2668294 krb5-doc_1.10.1+dfsg-5+deb7u2_all.deb
 8b9e8c883260dee1854f04ec98a9af0e1478a002 1503172 krb5-locales_1.10.1+dfsg-5+deb7u2_all.deb
 2f968a1382b3a884f96a3ef981e1d279f640513a 153952 krb5-user_1.10.1+dfsg-5+deb7u2_amd64.deb
 55aa9eaab5865249fc5df82271f0da94a766ba60 225120 krb5-kdc_1.10.1+dfsg-5+deb7u2_amd64.deb
 9888be6c8dfc96656390113f40e382fa6440d53c 120928 krb5-kdc-ldap_1.10.1+dfsg-5+deb7u2_amd64.deb
 ded386cc280c2ed3e2e07aa5fc6b0f45f9a375fe 123136 krb5-admin-server_1.10.1+dfsg-5+deb7u2_amd64.deb
 56c8c197fd2511ba7c72b20d66a78087351dc24d 153496 krb5-multidev_1.10.1+dfsg-5+deb7u2_amd64.deb
 d5a5889a22aafb7c963d623f9f6df78d6d0b261a 39748 libkrb5-dev_1.10.1+dfsg-5+deb7u2_amd64.deb
 b03720d0aca68b463864279fdddc2651413585e2 2203416 libkrb5-dbg_1.10.1+dfsg-5+deb7u2_amd64.deb
 6a7aaa11ed8ff495d0c781c12848758f14cb9708 82468 krb5-pkinit_1.10.1+dfsg-5+deb7u2_amd64.deb
 2fb8ba75fecaa9813bf664cbdbca4c7cd4ddd6a9 393316 libkrb5-3_1.10.1+dfsg-5+deb7u2_amd64.deb
 6b66b1e114de0739f7e3acc850689686bcf4b458 148158 libgssapi-krb5-2_1.10.1+dfsg-5+deb7u2_amd64.deb
 de9d88b12738f2f2dc3e4a4c8ba5551cb85722b9 87652 libgssrpc4_1.10.1+dfsg-5+deb7u2_amd64.deb
 81ebe1838ca19bfdbc87f7806db7fa45b174bc46 84924 libkadm5srv-mit8_1.10.1+dfsg-5+deb7u2_amd64.deb
 a852e5c56a304b9c4fb1e7e4445e5030b5a1f11d 68024 libkadm5clnt-mit8_1.10.1+dfsg-5+deb7u2_amd64.deb
 e7dd9ab17cf00b46e80054925b7a66659b8457d4 112664 libk5crypto3_1.10.1+dfsg-5+deb7u2_amd64.deb
 e68514bf88b3407131bd483cb88e1b5e15b104ec 67064 libkdb5-6_1.10.1+dfsg-5+deb7u2_amd64.deb
 cf8d7923a5b9f106ac96368605975f0232203f3c 49824 libkrb5support0_1.10.1+dfsg-5+deb7u2_amd64.deb
 c45d2981625c208b860d33e5c5d4e97368b92751 51836 krb5-gss-samples_1.10.1+dfsg-5+deb7u2_amd64.deb
Checksums-Sha256: 
 9a5ea7c5a229cb81d4b7a0da9dfa1c8b827bac1211fe87be2597133b17e5e984 2298 krb5_1.10.1+dfsg-5+deb7u2.dsc
 4dfa2a5eeafc5682d7e646b8042cc6928f64299904d1ef2b3627cc1744367102 138587 krb5_1.10.1+dfsg-5+deb7u2.debian.tar.gz
 6f4decaaa0962548810e50eb0667132b809869b26dc18580d88027786d7c021c 2668294 krb5-doc_1.10.1+dfsg-5+deb7u2_all.deb
 678639a04d89a1bf8734bcf60a4adfa65a8bbf1bf1cafc092b235100edd89f82 1503172 krb5-locales_1.10.1+dfsg-5+deb7u2_all.deb
 47a1fc3a52f3201c59b37d5bd5faa7a2f99ff138b8ba923d729ac2eaecf94331 153952 krb5-user_1.10.1+dfsg-5+deb7u2_amd64.deb
 33224b5a35d55d6e19d7507728cf953b80d0f76c086c038593bdf065c641c63a 225120 krb5-kdc_1.10.1+dfsg-5+deb7u2_amd64.deb
 ecdb6de9af054c9c7d660e030c912bd5782ad82664ce2bd6e294f82e0f227845 120928 krb5-kdc-ldap_1.10.1+dfsg-5+deb7u2_amd64.deb
 0914cbd16d5eb72672d138b18c7472ea10232b4133ad352df54f1389d5e3e24c 123136 krb5-admin-server_1.10.1+dfsg-5+deb7u2_amd64.deb
 354ec830b64b33f750ce21b10ec84238d62847a4601b5392cab0da95b76d8d5d 153496 krb5-multidev_1.10.1+dfsg-5+deb7u2_amd64.deb
 f096ae73a38474efed662f8871a3bad5edb3d412e59fa413e9bec6c790b0d99a 39748 libkrb5-dev_1.10.1+dfsg-5+deb7u2_amd64.deb
 4f5ce77e3ae8d228d440274279223618900084248a3ff436e78aaaeb6032ec40 2203416 libkrb5-dbg_1.10.1+dfsg-5+deb7u2_amd64.deb
 34314fc5f38c8d36a4f777d1d2c9d88d07df7628b1887b0005caa4252db5b13c 82468 krb5-pkinit_1.10.1+dfsg-5+deb7u2_amd64.deb
 d9e8b366d824c9ea3bfa36a6085d769ed28c2475a5a4ba0f84db8f4c376ac552 393316 libkrb5-3_1.10.1+dfsg-5+deb7u2_amd64.deb
 d1921edda9418569528f85f87f1474549a6f1506729c5d46918036fefc5122d0 148158 libgssapi-krb5-2_1.10.1+dfsg-5+deb7u2_amd64.deb
 43462f2e39e599022ef66ee16c48ef647d414b61ba26533e05b5360a0e024633 87652 libgssrpc4_1.10.1+dfsg-5+deb7u2_amd64.deb
 4cac7e9d7d4ed2e3ade19c5f5137f3c55f0d369ff52409e615d85411b3aa1d12 84924 libkadm5srv-mit8_1.10.1+dfsg-5+deb7u2_amd64.deb
 6ce7b66c69a2403e2f36498e926a785f8bcbe67876c4e128eeed1877a1f2bd12 68024 libkadm5clnt-mit8_1.10.1+dfsg-5+deb7u2_amd64.deb
 9b8baca18afb7d97d6de7fc577530c3efaa45901979b16bd862341b18a46e9c6 112664 libk5crypto3_1.10.1+dfsg-5+deb7u2_amd64.deb
 4e144383383bbf25b1ac311a273c096ff1a47e61f530f13c5dff06f712521ef3 67064 libkdb5-6_1.10.1+dfsg-5+deb7u2_amd64.deb
 98e167707e7b420a5fba63c0c368d849efe32895c5f5acc8a3056def50e878ea 49824 libkrb5support0_1.10.1+dfsg-5+deb7u2_amd64.deb
 7ca8df14fa4ed2bc34025932b120da2cfd6a289609663818ff0838a77f2aedcf 51836 krb5-gss-samples_1.10.1+dfsg-5+deb7u2_amd64.deb
Files: 
 46e987369fe06081bf64b0b18014a5b1 2298 net standard krb5_1.10.1+dfsg-5+deb7u2.dsc
 a1759568c95f81a9937ff20cabcdd268 138587 net standard krb5_1.10.1+dfsg-5+deb7u2.debian.tar.gz
 52cd90525d8a542cca6b78e0455aa3cb 2668294 doc optional krb5-doc_1.10.1+dfsg-5+deb7u2_all.deb
 d885872c317280b4195c9d3e2b87c0fc 1503172 localization standard krb5-locales_1.10.1+dfsg-5+deb7u2_all.deb
 b52b0a2fe2fd2a7507fa59db5b12d8a1 153952 net optional krb5-user_1.10.1+dfsg-5+deb7u2_amd64.deb
 2bcfadfe1ed007f396577f12ebe8f0b8 225120 net optional krb5-kdc_1.10.1+dfsg-5+deb7u2_amd64.deb
 218ac08f738bc6a3f800d77d6b2aeda4 120928 net extra krb5-kdc-ldap_1.10.1+dfsg-5+deb7u2_amd64.deb
 782e680ab21f040a4b341184b5b9ebf7 123136 net optional krb5-admin-server_1.10.1+dfsg-5+deb7u2_amd64.deb
 98b229beff22debe70d1deb61f965f23 153496 libdevel optional krb5-multidev_1.10.1+dfsg-5+deb7u2_amd64.deb
 42bb475b1466c14eef228bf2bf6066f3 39748 libdevel extra libkrb5-dev_1.10.1+dfsg-5+deb7u2_amd64.deb
 f390d9209d95149a215814e27609e5b2 2203416 debug extra libkrb5-dbg_1.10.1+dfsg-5+deb7u2_amd64.deb
 713f0168228d3a11814cd1dadaaf4963 82468 net extra krb5-pkinit_1.10.1+dfsg-5+deb7u2_amd64.deb
 0892bc9cddc04a7ffb3c4d7d51a7d9bd 393316 libs standard libkrb5-3_1.10.1+dfsg-5+deb7u2_amd64.deb
 d2fac49a229ff29e0242f536b092c332 148158 libs standard libgssapi-krb5-2_1.10.1+dfsg-5+deb7u2_amd64.deb
 00986807a15ac2564cf9203b69fc1874 87652 libs standard libgssrpc4_1.10.1+dfsg-5+deb7u2_amd64.deb
 1add33fb34e8a939aab9d949a8c6f0f1 84924 libs standard libkadm5srv-mit8_1.10.1+dfsg-5+deb7u2_amd64.deb
 9b6fc1d8519c5b2bccc64a173e8d169f 68024 libs standard libkadm5clnt-mit8_1.10.1+dfsg-5+deb7u2_amd64.deb
 52f684e84a9bfd7f3aa061fbb88c1fd0 112664 libs standard libk5crypto3_1.10.1+dfsg-5+deb7u2_amd64.deb
 1226b6146886e1fe8439b437f1fe8f05 67064 libs standard libkdb5-6_1.10.1+dfsg-5+deb7u2_amd64.deb
 b993adffe62bda77734edef9c7b8202e 49824 libs standard libkrb5support0_1.10.1+dfsg-5+deb7u2_amd64.deb
 8894dccce50e13e570ec0de222c6dbfb 51836 net extra krb5-gss-samples_1.10.1+dfsg-5+deb7u2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlPlK78ACgkQ/I12czyGJg9FswCgp98E+3bbluhqOzH7fR6wdQji
JEgAn029K+w5t4nSFFKSky1oBdcEXaAV
=g/Hv
-----END PGP SIGNATURE-----

Message #34 received at 755520-close@bugs.debian.org (full text, mbox, reply):

From: Thorsten Alteholz <debian@alteholz.de>

To: 755520-close@bugs.debian.org

Subject: Bug#755520: fixed in krb5 1.8.3+dfsg-4squeeze8

Date: Mon, 18 Aug 2014 17:19:23 +0000

Source: krb5
Source-Version: 1.8.3+dfsg-4squeeze8

We believe that the bug you reported is fixed in the latest version of
krb5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 755520@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <debian@alteholz.de> (supplier of updated krb5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 18 Jul 2014 18:00:24 +0200
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit7 libkadm5clnt-mit7 libk5crypto3 libkdb5-4 libkrb5support0 libkrb53
Architecture: source all i386
Version: 1.8.3+dfsg-4squeeze8
Distribution: squeeze-lts
Urgency: medium
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description: 
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc   - Documentation for MIT Kerberos
 krb5-kdc   - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user  - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit7 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit7 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-4  - MIT Kerberos runtime libraries - Kerberos database
 libkrb5-3  - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb53   - transitional package for MIT Kerberos libraries
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 755520
Changes: 
 krb5 (1.8.3+dfsg-4squeeze8) squeeze-lts; urgency=medium
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * Apply upstream patches for several issues:
     - CVE-2014-4341: denial of service due to improper GSSAPI message
       validation, Bug: #753624
     - CVE-2014-4342: denial of service due to improper GSSAPI message
       validation, Bug: #753625
     - CVE-2014-4343: double-free in SPNEGO initiator during renegotiation,
       Closes: #755520
     - CVE-2014-4344: NULL dereference in SPNEGO acceptor, Bug: #755521
     - CVE-2014-4345 [MITKRB5-SA-2014-001]: buffer overrun in kadmind with
       LDAP backend, Bug: #757416
   * put patches into debian/patches (0026-* .. 0029-*)
Checksums-Sha1: 
 9672ee92d0033fec6ccd0085eef4af94f00f3675 1593 krb5_1.8.3+dfsg-4squeeze8.dsc
 58ebe5245c9bb07d170d84aca534a88c17ffd199 11564633 krb5_1.8.3+dfsg.orig.tar.gz
 22956057029081b6c5012bce37354cac4960b1d0 111253 krb5_1.8.3+dfsg-4squeeze8.diff.gz
 fe9627d3f6c48009e6ddd3846dc83a63ea536e4f 2254692 krb5-doc_1.8.3+dfsg-4squeeze8_all.deb
 20fefd74aa70cf3cdff0cbc338d057f5fea84b15 1374092 libkrb53_1.8.3+dfsg-4squeeze8_all.deb
 eb018be6f6b4d46ccd44907d90945e3059c4eb08 130588 krb5-user_1.8.3+dfsg-4squeeze8_i386.deb
 df1a7b8f73b69fedc191983b56ad2724727421d8 203424 krb5-kdc_1.8.3+dfsg-4squeeze8_i386.deb
 90111d06501e835af674f65d5e25d45b769e8cfe 113068 krb5-kdc-ldap_1.8.3+dfsg-4squeeze8_i386.deb
 94a18b0bdde7353865f954128fd7aeb447cf9ea3 107012 krb5-admin-server_1.8.3+dfsg-4squeeze8_i386.deb
 2155062b997f1668f73189fb34b739b81d177e9c 104122 krb5-multidev_1.8.3+dfsg-4squeeze8_i386.deb
 7672d4915015d19e6bff503f77b3c272c60bcc40 37892 libkrb5-dev_1.8.3+dfsg-4squeeze8_i386.deb
 f4455232a6ce55a0e0549eaff09197c47ca69ceb 1611116 libkrb5-dbg_1.8.3+dfsg-4squeeze8_i386.deb
 252c80d9ca56cf65c34dd58d08e0daede97160da 75076 krb5-pkinit_1.8.3+dfsg-4squeeze8_i386.deb
 06274ca13c573a48dbc8ebd4c963f732dbdb5cfa 357136 libkrb5-3_1.8.3+dfsg-4squeeze8_i386.deb
 a3ad084c9e182d857813056ae4f65601dab322c3 123114 libgssapi-krb5-2_1.8.3+dfsg-4squeeze8_i386.deb
 23df95d5f9b9fb8757afb7bbde179086aed63298 77590 libgssrpc4_1.8.3+dfsg-4squeeze8_i386.deb
 f93b861b9926683ce82a4715924421ae7d30e88c 74456 libkadm5srv-mit7_1.8.3+dfsg-4squeeze8_i386.deb
 6a40548d0a664616631c1a39bf35203429db4bd6 61246 libkadm5clnt-mit7_1.8.3+dfsg-4squeeze8_i386.deb
 ada7eb309d32fadb42c8cfb0280a52ac75b6e8f7 98544 libk5crypto3_1.8.3+dfsg-4squeeze8_i386.deb
 8cc89888cf08fd564d652c6859c989d1fdc61e6b 61318 libkdb5-4_1.8.3+dfsg-4squeeze8_i386.deb
 d04e6e3adfa1db753049a0e253d5ecab296873fc 44496 libkrb5support0_1.8.3+dfsg-4squeeze8_i386.deb
Checksums-Sha256: 
 5d086b2f04b93202cb90e2165d51fe86bd7eedceed8aad786abedf0d887b49e4 1593 krb5_1.8.3+dfsg-4squeeze8.dsc
 ed8b74faedee22ab961c6acaea17e5801aa89dc904a44457ef13bb5a297c83eb 11564633 krb5_1.8.3+dfsg.orig.tar.gz
 8d5324bbb0335b955dbc488cd48b5e67cc23c3dc9ddacd08823efdd77cb43069 111253 krb5_1.8.3+dfsg-4squeeze8.diff.gz
 7309d7a23b2bb321c889205992fc217453ffc8c9b011ad62b42fe382c30ec40a 2254692 krb5-doc_1.8.3+dfsg-4squeeze8_all.deb
 710300e82160542278cc91fc7fb6b23814804683b743358affd5d0b9f8951aa5 1374092 libkrb53_1.8.3+dfsg-4squeeze8_all.deb
 02cf5978ae8cfbca5dbe0fd205c1fdbf416c59b8c42c057f0731b4d194337e5b 130588 krb5-user_1.8.3+dfsg-4squeeze8_i386.deb
 c7b4c85fbdc9a352c3978d5f39ef820a749718dc3828cdf14efbd3cb6fd0bec9 203424 krb5-kdc_1.8.3+dfsg-4squeeze8_i386.deb
 fdeaf0baf3ff1bc05479314547eefe3dddaac6d82d9ee405f1680309d5c0a5ec 113068 krb5-kdc-ldap_1.8.3+dfsg-4squeeze8_i386.deb
 fee2f1ad6f5b26ad9c858e890b4b8b3144d7f09f5631e45f8ba517626fecd93f 107012 krb5-admin-server_1.8.3+dfsg-4squeeze8_i386.deb
 32ef398b8aeb40713f8c51675ecb7518d35482f185ca5268d11f7967a9cc77bf 104122 krb5-multidev_1.8.3+dfsg-4squeeze8_i386.deb
 4ea803d9c1fa38fc08a95f289ec47d246c7af4c190040beec76e72bf17b506e3 37892 libkrb5-dev_1.8.3+dfsg-4squeeze8_i386.deb
 18102ce185218333ba4d7447eaa075a966fd1304e395549c4dc82ace99c9f80e 1611116 libkrb5-dbg_1.8.3+dfsg-4squeeze8_i386.deb
 152b4bd6435f0c09afb918f83ca53e2c2500d76dfa7427062f7f968a7ed5de61 75076 krb5-pkinit_1.8.3+dfsg-4squeeze8_i386.deb
 da545475bc96ececf6a9345f68d399d4c75f9271a6774a9ea128bca87412eb91 357136 libkrb5-3_1.8.3+dfsg-4squeeze8_i386.deb
 510094c5cacc8dc09aa2964c98a412d331bfd20759b3a5537c3780594f5caf31 123114 libgssapi-krb5-2_1.8.3+dfsg-4squeeze8_i386.deb
 334ed4bc59dd7659567701cf6ce8f5660ddb8badfb5d830f26477bda21895ad0 77590 libgssrpc4_1.8.3+dfsg-4squeeze8_i386.deb
 fe72001ce62127775089a7b705e4d47ae3fa705ead0a762e1eaae4a7832bab2e 74456 libkadm5srv-mit7_1.8.3+dfsg-4squeeze8_i386.deb
 81b422102ecad5024c25135d10a4eb9004f5fe24628b910f56dc5d52b28fc9cb 61246 libkadm5clnt-mit7_1.8.3+dfsg-4squeeze8_i386.deb
 552e18e02f95fd51721a949bc8d5aba4cf7971e2510024820629063db030b960 98544 libk5crypto3_1.8.3+dfsg-4squeeze8_i386.deb
 7cb982dd09ec4d66fc00764a82b6982758c5985c084c9c7bb90cc306e5b76aff 61318 libkdb5-4_1.8.3+dfsg-4squeeze8_i386.deb
 edd6130796e738027b81c32c1eaf7be60166a32919bf10ae08ebd3e4a4bcad36 44496 libkrb5support0_1.8.3+dfsg-4squeeze8_i386.deb
Files: 
 c35189c17007fa85e9acc30603c35221 1593 net standard krb5_1.8.3+dfsg-4squeeze8.dsc
 a8bba2ef00a4afb18a2bdeec1deb6462 11564633 net standard krb5_1.8.3+dfsg.orig.tar.gz
 a9f44da105568d35ea7edcc0aaf7f24c 111253 net standard krb5_1.8.3+dfsg-4squeeze8.diff.gz
 2baa51856b53e6707839861861ace718 2254692 doc optional krb5-doc_1.8.3+dfsg-4squeeze8_all.deb
 81bcf0fded5b5be5a3a7e6b957d24982 1374092 oldlibs extra libkrb53_1.8.3+dfsg-4squeeze8_all.deb
 10ab505b959b6e0198a612f201c530ad 130588 net optional krb5-user_1.8.3+dfsg-4squeeze8_i386.deb
 fdb2df9503d8dc0d29a02b2fea6c57ab 203424 net optional krb5-kdc_1.8.3+dfsg-4squeeze8_i386.deb
 8c72b5a29fbc255d0dad3c3264eadc1d 113068 net extra krb5-kdc-ldap_1.8.3+dfsg-4squeeze8_i386.deb
 9661679a84307c636be8f4d69e7f7eab 107012 net optional krb5-admin-server_1.8.3+dfsg-4squeeze8_i386.deb
 1a7562e151ae673a8f88cbd0702ea9f4 104122 libdevel optional krb5-multidev_1.8.3+dfsg-4squeeze8_i386.deb
 48b170d68aced3d1091b911f020a8fca 37892 libdevel extra libkrb5-dev_1.8.3+dfsg-4squeeze8_i386.deb
 0b61c9f22ae15440bcd5e560851fd7ed 1611116 debug extra libkrb5-dbg_1.8.3+dfsg-4squeeze8_i386.deb
 15d770f2a1a26aac199ffaed88324dba 75076 net extra krb5-pkinit_1.8.3+dfsg-4squeeze8_i386.deb
 b7ac33e8ab8444860b2a55dfb22ddd85 357136 libs standard libkrb5-3_1.8.3+dfsg-4squeeze8_i386.deb
 eb7a6ad9a76a5b3d7f61777d2571d5aa 123114 libs standard libgssapi-krb5-2_1.8.3+dfsg-4squeeze8_i386.deb
 2c79f201d44005186140ade901c9b847 77590 libs standard libgssrpc4_1.8.3+dfsg-4squeeze8_i386.deb
 0474c9133939e84cb196272372e4912f 74456 libs standard libkadm5srv-mit7_1.8.3+dfsg-4squeeze8_i386.deb
 544bb9cc8c610173af2c5235e485f89d 61246 libs standard libkadm5clnt-mit7_1.8.3+dfsg-4squeeze8_i386.deb
 1873fd788b0fab8de61ee83645c7d432 98544 libs standard libk5crypto3_1.8.3+dfsg-4squeeze8_i386.deb
 81c30ca7b976ba383661273d3e3e1fd7 61318 libs standard libkdb5-4_1.8.3+dfsg-4squeeze8_i386.deb
 7eb77de7ac8b5aeb42b30549bf2e7ed6 44496 libs standard libkrb5support0_1.8.3+dfsg-4squeeze8_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlPyM1gACgkQ02K2KlS5mJAsAQCfWqBVuBFw56Vp2dqQwQ3G9ZMH
B1MAoIl4nY/xWCkyWG3sx3E2JGXKneDZ
=ueHj
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.