Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted krb5 1.21.3-1 (source) into unstable
Date: Thu, 27 Jun 2024 18:20:40 +0000
Signed by: Sam Hartman <hartmans@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 27 Jun 2024 11:54:54 -0600
Source: krb5
Architecture: source
Version: 1.21.3-1
Distribution: unstable
Urgency: high
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Sam Hartman <hartmans@debian.org>
Closes: 1067610
Changes:
 krb5 (1.21.3-1) unstable; urgency=high
 .
   * New Upstream version
     -     CVE-2024-37370: an unauthenticated attacker can modify the
     extra count in an RFC 4121 GSS token, causing the token to appear
     truncated.
     - CVE-2024-37371: an attacker can cause invalid memory reads by
     sending an invalid GSS token.
   * Drop doxygen work around patch: applied upstream
   * Fix Python 3.12 tests: replace ssl.wrap_socket, Closes: #1067610
Checksums-Sha1:
 7ba9b62fb92b80e9e2ce9eec7ae8f990311b0fbb 3349 krb5_1.21.3-1.dsc
 3e383bbe88cbed56bdad4ba655c40abf0e961cf7 9136145 krb5_1.21.3.orig.tar.gz
 bba46878ffc67fcd96821cd7b8f451b5b1b2f475 833 krb5_1.21.3.orig.tar.gz.asc
 38b3cc0c755271112231eb3a9749003ea33af774 103240 krb5_1.21.3-1.debian.tar.xz
 69e09fa700c6907afafa9d4ad6650258787e7573 5010 krb5_1.21.3-1_source.buildinfo
Checksums-Sha256:
 e98e73700f2624bc51d53887c3260e35f28d72f0434b27ec37382b0c9736d5a7 3349 krb5_1.21.3-1.dsc
 b7a4cd5ead67fb08b980b21abd150ff7217e85ea320c9ed0c6dadd304840ad35 9136145 krb5_1.21.3.orig.tar.gz
 85047c935fe949ef2e275885451b168557b923dd13a5aab0ef8fe6acd27b94d7 833 krb5_1.21.3.orig.tar.gz.asc
 f34037592e652dbf9765062abcadac5b89eae050f877069530535b86aca61821 103240 krb5_1.21.3-1.debian.tar.xz
 58ec5ec37c4e1f68a361184e72c954605a8b75a2ec3b666bcf1394ee21a3b753 5010 krb5_1.21.3-1_source.buildinfo
Files:
 9d1228d154d9fd10015a0467d69e0bdc 3349 net optional krb5_1.21.3-1.dsc
 beb34d1dfc72ba0571ce72bed03e06eb 9136145 net optional krb5_1.21.3.orig.tar.gz
 cc604e5e51a7c3c314751c68c0cd5a09 833 net optional krb5_1.21.3.orig.tar.gz.asc
 3a1e35ef739e6793d84a6fbc87427836 103240 net optional krb5_1.21.3-1.debian.tar.xz
 41e4a1dc5e0b53c9098e59efa4a7b65f 5010 net optional krb5_1.21.3-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQSj2jRwbAdKzGY/4uAsbEw8qDeGdAUCZn2oLwAKCRAsbEw8qDeG
dJT0AP95sJyeQuSUOR6UmcAb/d0GvcPEK6M9lmKiGvZREyYbmAD/b6LK0TlQSzWr
O34ABVXofzDpPTave4ebtwrFaxWnswg=
=vyw5
-----END PGP SIGNATURE-----

News for package krb5