-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 01 Jul 2024 11:31:35 -0600 Source: krb5 Architecture: source Version: 1.20.1-2+deb12u2 Distribution: bookworm-security Urgency: high Maintainer: Sam Hartman <hartmans@debian.org> Changed-By: Sam Hartman <hartmans@debian.org> Changes: krb5 (1.20.1-2+deb12u2) bookworm-security; urgency=high . * CVE-2024-37370: an unauthenticated attacker can modify the extra count in an RFC 4121 GSS token, causing the token to appear truncated. * CVE-2024-37371: an attacker can cause invalid memory reads by sending an invalid GSS token. Checksums-Sha1: c78fb072bba0ef93afa9526a5d73fbf039e18548 3203 krb5_1.20.1-2+deb12u2.dsc 06278439a6cd5a2aa861d8e877451b794487534b 8661660 krb5_1.20.1.orig.tar.gz 1cd01998135e3db3c4401b84459fb19ab8baabaf 833 krb5_1.20.1.orig.tar.gz.asc 52b2facdb51279144232d0ee7a92b7f2a4dc345a 105728 krb5_1.20.1-2+deb12u2.debian.tar.xz b05dbf558cea54b5c53b86a7eb49a658b050cd3a 5027 krb5_1.20.1-2+deb12u2_source.buildinfo Checksums-Sha256: 0ce7a4e69a947c0d21cc5226fe17f85f03b5011e96171aaeba91d3629fcf4dc2 3203 krb5_1.20.1-2+deb12u2.dsc 704aed49b19eb5a7178b34b2873620ec299db08752d6a8574f95d41879ab8851 8661660 krb5_1.20.1.orig.tar.gz 2afeec5dbc586cc40b7975645e02b4c41c4d719dd02213e828c72d8239d55666 833 krb5_1.20.1.orig.tar.gz.asc 06caf9ae0b57afd373e4a805820c1ceff519a5029566013a5c307f5439ab8364 105728 krb5_1.20.1-2+deb12u2.debian.tar.xz 74ec456ebbd9afb77eaaca252ec1e6fd8ca963868f63865a8828b58da6666bb9 5027 krb5_1.20.1-2+deb12u2_source.buildinfo Files: dd735335a3bb69a2be604b3785ddb27f 3203 net optional krb5_1.20.1-2+deb12u2.dsc 73f5780e7b587ccd8b8cfc10c965a686 8661660 net optional krb5_1.20.1.orig.tar.gz 46551f0a032aa02dccac3789a344e028 833 net optional krb5_1.20.1.orig.tar.gz.asc f84b9ff5935264c06bf5c9df7e6c5410 105728 net optional krb5_1.20.1-2+deb12u2.debian.tar.xz dd3db91cff80cabbe2cff51417856d11 5027 net optional krb5_1.20.1-2+deb12u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQSj2jRwbAdKzGY/4uAsbEw8qDeGdAUCZoMAAgAKCRAsbEw8qDeG dN6nAPwLy0vkS1SK7K3tJw4cpHsneAvCvI9i38+6L4GmH7C2sQD/V0ByyKjm+fuI 3nwd340kIr9PYvVPPNDGV/tCYp35tws= =Glfq -----END PGP SIGNATURE-----