Re: CVE-2018-5710: krb5 package version issue

2021-03-23 Thread Marc Deslauriers
Hi,

On 2021-03-22 9:56 a.m., Andrei Nikonov wrote:
> Dear Sam Hartman, Russ Allbery, Benjamin Kaduk and Security team!
>
> Let me ask you for help and guidance.
>
> At the moment, I have a PC running Ubuntu 18.04 at my disposal. It has some
> binary packages that depend on the "/krb5/" package.

Re: CVE-2018-5710: krb5 package version issue

2021-03-22 Thread Sam Hartman
This doesn't sound like a Debian issue. It sounds more like a disagreement between your source of vulnerability information and Ubuntu about when a problem is fixed (or whether it was). I also don't see CVE-2018-5710 as a vulnerability that upstream lists as fixed in their git history. I would not

Re: CVE-2018-5710: krb5 package version issue

2021-03-22 Thread Russ Allbery
Hi Andrei,

Andrei Nikonov writes:
> Moreover, the package version 1.16.1-1 is shown as a fixed version on
> the official Ubuntu CVE page. So I don't think that there
> can be any disagreement in vulnerability information.

None of the people you have

Re: CVE-2018-5710: krb5 package version issue

2021-03-22 Thread Andrei Nikonov
Dear Sam,

Thank you for the answer. First, the vulnerability source that I use is Ubuntu's official OVAL data. I downloaded the file by this link. For your convenience, I attached