Format: 3.0 (quilt)
Source: krb5
Binary: krb5-user, krb5-kdc, krb5-kdc-ldap, krb5-admin-server, krb5-multidev, libkrb5-dev, libkrb5-dbg, krb5-pkinit, krb5-otp, krb5-doc, libkrb5-3, libgssapi-krb5-2, libgssrpc4, libkadm5srv-mit9, libkadm5clnt-mit9, libk5crypto3, libkdb5-7, libkrb5support0, libkrad0, krb5-gss-samples, krb5-locales, libkrad-dev
Architecture: any all
Version: 1.12.1+dfsg-19+deb8u1
Maintainer: Sam Hartman <[email protected]>
Uploaders: Russ Allbery <[email protected]>, Benjamin Kaduk <[email protected]>
Homepage: http://web.mit.edu/kerberos/
Standards-Version: 3.9.5
Vcs-Browser: http://git.debian.org/?p=pkg-k5-afs/debian-krb5-2013.git
Vcs-Git: git://git.debian.org/git/pkg-k5-afs/debian-krb5-2013.git
Build-Depends: debhelper (>= 8.1.3), byacc | bison, comerr-dev, docbook-to-man, doxygen, libkeyutils-dev [linux-any], libldap2-dev, libncurses5-dev, libssl-dev, ss-dev, libverto-dev (>= 0.2.4), pkg-config, dh-systemd
Build-Depends-Indep: python-cheetah, python-lxml, python-sphinx, doxygen-latex
Package-List:
 krb5-admin-server deb net optional arch=any
 krb5-doc deb doc optional arch=all
 krb5-gss-samples deb net extra arch=any
 krb5-kdc deb net optional arch=any
 krb5-kdc-ldap deb net extra arch=any
 krb5-locales deb localization standard arch=all
 krb5-multidev deb libdevel optional arch=any
 krb5-otp deb net extra arch=any
 krb5-pkinit deb net extra arch=any
 krb5-user deb net optional arch=any
 libgssapi-krb5-2 deb libs standard arch=any
 libgssrpc4 deb libs standard arch=any
 libk5crypto3 deb libs standard arch=any
 libkadm5clnt-mit9 deb libs standard arch=any
 libkadm5srv-mit9 deb libs standard arch=any
 libkdb5-7 deb libs standard arch=any
 libkrad-dev deb libdevel extra arch=any
 libkrad0 deb libs standard arch=any
 libkrb5-3 deb libs standard arch=any
 libkrb5-dbg deb debug extra arch=any
 libkrb5-dev deb libdevel extra arch=any
 libkrb5support0 deb libs standard arch=any
Checksums-Sha1:
 d211e7d605bd992d33b7cbca1da14d68f0770258 11792370 krb5_1.12.1+dfsg.orig.tar.gz
 5e694b245486d6c7faaada4fe8758acfbaec6e7e 120776 krb5_1.12.1+dfsg-19+deb8u1.debian.tar.xz
Checksums-Sha256:
 eb29959f1e9f8d71e7401f5809daefae067296eb5b0da1176366280a16bdd784 11792370 krb5_1.12.1+dfsg.orig.tar.gz
 0e61a1ba59d3f25a0a40022fd8a316c917e3c4ca9bb7b604646e949fd91d592f 120776 krb5_1.12.1+dfsg-19+deb8u1.debian.tar.xz
Files:
 dd0367010b3d2385d9f23db25457a0bf 11792370 krb5_1.12.1+dfsg.orig.tar.gz
 d1f9a984af597b08307f41b160a73367 120776 krb5_1.12.1+dfsg-19+deb8u1.debian.tar.xz

Changes:

krb5 (1.12.1+dfsg-19+deb8u1) jessie-security; urgency=high

  * Import upstream patches for four CVEs:
    - CVE-2015-2695: SPNEGO context aliasing during establishment,
      Closes: #803083
    - CVE-2015-2696: IAKERB context aliasing during establishment,
      Closes: #803084
    - CVE-2015-2697: unsafe string handling in TGS processing,
      Closes: #803088
    - CVE-2015-2698: regression (memory corruption) in patch for
      CVE-2015-2696
  * In addition to CVE-2015-2698, the upstream patches for CVE-2015-2695
    and CVE-2015-2696 introduced regressions preventing the use of
    gss_import_sec_context() with contexts established using IAKERB or
    SPNEGO; the fixes for those regressions are included here.

 -- Benjamin Kaduk <[email protected]>  Wed, 04 Nov 2015 22:05:10 -0500