** Changed in: krb5 (Ubuntu)
    Milestone: ubuntu-25.06 => ubuntu-25.07

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/2110460

Title:
  Merge krb5 from Debian Unstable for questing

Status in krb5 package in Ubuntu:
  New

Bug description:
  Scheduled-For: ubuntu-25.06
  Ubuntu: 1.21.3-4ubuntu2
  Debian Unstable: 1.21.3-5

  A new release of krb5 is available for merging from Debian Unstable.

  If it turns out this needs a sync rather than a merge, please change
  the tag 'needs-merge' to 'needs-sync', and (optionally) update the
  title as desired.

  ### New Debian Changes ###

  krb5 (1.21.3-5) unstable; urgency=medium

    * Non-maintainer upload with maintainer agreement.
    * Fix CVE-2025-24528: Prevent overflow when calculating
      ulog block size (Closes: #1094730)

   -- Bastien Roucariès <ro...@debian.org>  Sun, 23 Feb 2025 17:12:14 +0000


  ### Old Ubuntu Delta ###

  krb5 (1.21.3-4ubuntu2) plucky; urgency=medium

    * SECURITY UPDATE: denial of service via two memory leaks
      - debian/patches/CVE-2024-26458.patch: fix two unlikely memory leaks in
        src/lib/gssapi/krb5/k5sealv3.c, src/lib/rpc/pmap_rmt.c.
      - CVE-2024-26458
      - CVE-2024-26461
    * SECURITY UPDATE: kadmind DoS via iprop log file
      - debian/patches/CVE-2025-24528.patch: prevent overflow when
        calculating ulog block size in src/lib/kdb/kdb_log.c.
      - CVE-2025-24528

   -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Tue, 25 Feb 2025 10:22:31 -0500

  krb5 (1.21.3-4ubuntu1) plucky; urgency=medium

    * SECURITY UPDATE: Use of MD5-based message authentication over plaintext
      communications could lead to forgery attacks.
      - debian/patches/CVE-2024-3596.patch: Secure Response Authentication
        by adding support for the Message-Authenticator attribute in non-EAP
        authentication methods.
      - CVE-2024-3596
    * Update libk5crypto3 symbols: add k5_hmac_md5 symbol.

   -- Nicolas Campuzano Jimenez <nicolas.campuz...@canonical.com>  Tue, 04 Feb 2025 11:30:48 -0500
