-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 01 Jul 2024 13:40:03 -0600 Source: krb5 Architecture: source Version: 1.18.3-6+deb11u5 Distribution: bullseye-security Urgency: high Maintainer: Sam Hartman <hartmans@debian.org> Changed-By: Sam Hartman <hartmans@debian.org> Changes: krb5 (1.18.3-6+deb11u5) bullseye-security; urgency=high . * CVE-2024-37370: an unauthenticated attacker can modify the extra count in an RFC 4121 GSS token, causing the token to appear truncated. * CVE-2024-37371: an attacker can cause invalid memory reads by sending an invalid GSS token. Checksums-Sha1: cec243d8ee0425b4dcd0fb50de066564d8fa765c 3209 krb5_1.18.3-6+deb11u5.dsc fdbb31fab5bdea24fc464d09bdbc245740648f1a 8715312 krb5_1.18.3.orig.tar.gz 909b9c68601cf999cd2697c83a0f56efd0faba6d 833 krb5_1.18.3.orig.tar.gz.asc b500e741ae0a65df73057de43c20dadc40553d40 114964 krb5_1.18.3-6+deb11u5.debian.tar.xz a677be2dec34da4e5b2264e50e67a3365644f1d7 5027 krb5_1.18.3-6+deb11u5_source.buildinfo Checksums-Sha256: 36c3edb6deb63df00b02fa00c3352139a0b51f30c9f20da8041f06818f771445 3209 krb5_1.18.3-6+deb11u5.dsc e61783c292b5efd9afb45c555a80dd267ac67eebabca42185362bee6c4fbd719 8715312 krb5_1.18.3.orig.tar.gz ded19808ba7320ad0bb3ddfb5202845b2ff36a50613af7832f78dd3cb4437419 833 krb5_1.18.3.orig.tar.gz.asc 6ba4b7db260cfdefb743a10b0a6a113c2302f1000812095563c5607ba9e0201a 114964 krb5_1.18.3-6+deb11u5.debian.tar.xz 18795405ef4df69e52592494c2edd82e853a52669a804149bdbd150d045b1500 5027 krb5_1.18.3-6+deb11u5_source.buildinfo Files: 5bef702703b1a73e9d118bc2a61fa7f9 3209 net optional krb5_1.18.3-6+deb11u5.dsc a64e8018a7572e0b4bd477c745129ffc 8715312 net optional krb5_1.18.3.orig.tar.gz bca804e12e8dc2de6930e916cd7a2ce3 833 net optional krb5_1.18.3.orig.tar.gz.asc a5c7c15f59f19490f5e114a03d249590 114964 net optional krb5_1.18.3-6+deb11u5.debian.tar.xz 3e7b8da9d7f3747db781b723342133e9 5027 net optional krb5_1.18.3-6+deb11u5_source.buildinfo -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQSj2jRwbAdKzGY/4uAsbEw8qDeGdAUCZoMQ3AAKCRAsbEw8qDeG dECoAP4u41WEwvIdyTIb8TwmfUa0wmymjiZES77mSXEiPJtgxAD/QhXdaqWsjv5m DI/BbgjJq7DhnvMt00MOVyZyd1r3BwI= =+Wkd -----END PGP SIGNATURE-----