[Bug 671672] [NEW] Sync krb5 1.8.3+dfsg-2 (main) from Debian unstable (main)

Kees Cook kees at ubuntu.com
Fri Nov 5 23:36:46 GMT 2010

Public bug reported:

 affects ubuntu/krb5
 status confirmed
 importance wishlist
 subscribe ubuntu-archive

Please sync krb5 1.8.3+dfsg-2 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
Ubuntu changes are in Debian too now (MITKRB5-SA-2010-006)

Changelog entries since current natty version 1.8.1+dfsg-5ubuntu0.1:

krb5 (1.8.3+dfsg-2) unstable; urgency=high

  * MITKRB5-SA-2010-006 [CVE-2010-1322]: null pointer dereference in
    kdc_authdata.c leading to KDC crash, Closes: #599237
  * Fix two memory leaks in krb5_get_init_creds path; one of these memory
    leaks is quite common for any application such as PAM or kinit that
    gets initial credentials, thanks Bastian Blank, Closes: #598032
  * Install doc/CHANGES only in krb5-doc, not in all packages, saves
    several megabytes on most Debian systems, Closes: #599562

 -- Sam Hartman <hartmans at debian.org>  Wed, 13 Oct 2010 10:41:19 -0400

krb5 (1.8.3+dfsg-1) unstable; urgency=low

  * New Upstream release; only change is version bump from beta1 to final 
  * Bring back a libkrb53 oldlibs package. Note that this is technically a
    policy violation because it doesn't provide libdes425.so.3 or
    libkrb4.so.2 and thus provides a different ABI. However, some
    packages, such as postgres8.4 require the lenny version to be present
    for the squeeze transition, so we cannot force the removal of
    libkrb53's reverse dependencies. We can conflict or break with lenny
    packages that will not work with this libkrb53, but we may break
    out-of-archive packages without notice. Absent someone coming up with
    a patch to the modern libk5crypto-3 that allows it to work with the
    lenny libkrb53 (a weekend's worth of work proved this would be quite
    difficult), this is the best solution we've come up with, Closes: #596678

 -- Sam Hartman <hartmans at debian.org>  Sun, 19 Sep 2010 14:59:46 -0400

krb5 (1.8.3+dfsg~beta1-2) unstable; urgency=low

  * Remove documentation that has moved to the krb5-appl package and is
    not shipped upstream from Debian diff

 -- Sam Hartman <hartmans at debian.org>  Tue, 10 Aug 2010 15:33:15 -0400

krb5 (1.8.3+dfsg~beta1-1) unstable; urgency=low

  * New Upstream version
  * Add breaks with libkrb53 because libdes425 cannot work with new
    libk5crypto3 (Closes: #557929)
  * You want this version: it fixes an incompatibility with how PACs are
    verified with Windows 2008
  * As a result of libkrb53 breaks, we no longer get into problems with
    krb5int_hmac, Closes: #566988 
  * Note that libkdb5-4 breaks rather than conflicts libkadm5srv6, Closes:
  * Start kdc before x display managers, Closes: #588536

 -- Sam Hartman <hartmans at debian.org>  Thu, 05 Aug 2010 12:15:50 -0400


** Affects: krb5 (Ubuntu)
     Importance: Wishlist
         Status: Confirmed
