[Bug 562635] [NEW] Sync krb5 1.8.1+dfsg-2 (main) from Debian unstable (main)

Kees Cook kees at ubuntu.com
Tue Apr 13 23:50:59 BST 2010


Public bug reported:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects ubuntu/krb5
 status confirmed
 importance wishlist
 subscribe ubuntu-archive
 done

Please sync krb5 1.8.1+dfsg-2 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
krb5 has some ABI issues in 1.8, which are fixed in 1.8.1.  We should use
1.8.1 for Lucid.  Since upstream krb5 tends to be very stable, I think
this is worth the risk of regression.


Changelog entries since current lucid version 1.8+dfsg~alpha1-7ubuntu1:

krb5 (1.8.1+dfsg-2) unstable; urgency=high

  * Fix crash in renewal and validation, Thanks Joel Johnson for such a
    prompt bug report, Closes: #577490

 -- Sam Hartman <hartmans at debian.org>  Mon, 12 Apr 2010 13:08:35 -0400

krb5 (1.8.1+dfsg-1) unstable; urgency=high

  * New upstream release
  * Fixes significant ABI incompatibility between Heimdal and MIT in the
    init_creds_step API; backward incompatible change in the meaning of
    the flags API.  Since this was introduced in 1.8 and since no better
    solution was found, it's felt that getting 1.8.1 out everywhere that
    had 1.8 very promptly is the right approach.  Otherwise software built
    against 1.8 will be broken in the future.
  * Testing of Kerberos 1.8 showed an incompatibility between Heimdal/MIT
    Kerberos and Microsoft Kerberos; resolve this incompatibility.  As a
    result, mixing KDCs between 1.8 and 1.8.1 in the same realm may
    produce undesirable results for constrained delegation.  Again,
    another reason to replace 1.8 with 1.8.1 as soon as possible.
  * Acknowledge security team upload, thanks for picking up the slack and
    sorry it was necessary

 -- Sam Hartman <hartmans at debian.org>  Sun, 11 Apr 2010 10:12:59 -0400

krb5 (1.8+dfsg-1.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fixed CVE-2010-0628: denial of service (assertion failure and daemon crash)
    via an invalid packet that triggers incorrect preparation of an error
    token. (Closes: 575740)
  * Makes src/slave/kpropd.c ISO C90 compliant (Closes: #574703)

 -- Giuseppe Iuculano <iuculano at debian.org>  Fri, 09 Apr 2010 19:11:50 +0200

krb5 (1.8+dfsg-1) unstable; urgency=low

  * New upstream version
  * Include new upstream notice file in docs
  * Update symbols files
  * Include upstream ticket 6676: fix handling of cross-realm tickets
    issued by W2K8R2
  * Add ipv6 support to kprop,  Michael Stapelberg, Closes: #549476
  * New Brazilian Portuguese translations, Thanks Eder L. Marques,
    Closes: #574149

 -- Sam Hartman <hartmans at debian.org>  Wed, 17 Mar 2010 15:51:54 -0400

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Kees Cook <kees at outflux.net>

iEYEARECAAYFAkvE9U8ACgkQH/9LqRcGPm1gggCeJOzyEaInHrty4J749iFQNVzi
daEAnAu1Y5V9xz5gEs3ToR02yzCmm5Jd
=i9Xn
-----END PGP SIGNATURE-----

** Affects: krb5 (Ubuntu)
     Importance: Wishlist
         Status: Confirmed

-- 
Sync krb5 1.8.1+dfsg-2 (main) from Debian unstable (main)
https://bugs.launchpad.net/bugs/562635
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.


