Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted krb5 1.18.3-6+deb11u8 (source) into oldoldstable-security
Date: Wed, 27 May 2026 19:00:16 +0000
Signed by: Emmanuel Arias <eamanu@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 15 May 2026 17:57:16 -0300
Source: krb5
Architecture: source
Version: 1.18.3-6+deb11u8
Distribution: bullseye-security
Urgency: high
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Emmanuel Arias <eamanu@debian.org>
Closes: 1135317
Changes:
 krb5 (1.18.3-6+deb11u8) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix two NegoEx parsing vulnerabilities (Closes: #1135317):
     - An an unauthenticated remote attacker cantrigger a null pointer
       dereference, causing the process to terminate (CVE-2026-40355).
     - An unauthenticated remote attacker can trigger a read overrun
       of up to 52 bytes, possibly causing the process to terminate
       (CVE-2026-40356).
Checksums-Sha1:
 c79c20a281d485da8701d1c6dd635b0027d2239d 3839 krb5_1.18.3-6+deb11u8.dsc
 82782b9f898427b32ae6a5142e722e89a7954898 121824 krb5_1.18.3-6+deb11u8.debian.tar.xz
 c16587c1e5312a8ae002efbc206c53ab9de397f4 21727 krb5_1.18.3-6+deb11u8_amd64.buildinfo
Checksums-Sha256:
 bfdd209fd2d842c4ad7d9bf3d29522a0f6c0a3b8bf0de69ef2400f26748e165b 3839 krb5_1.18.3-6+deb11u8.dsc
 5e88b6bcafbb62b178387948124fb294b224636b5d10df08201930c1fb5a6582 121824 krb5_1.18.3-6+deb11u8.debian.tar.xz
 d8a29420e9dfe067a1d9fd3526efb4f060a525f59530f0d40e7527a1ef9b2c1f 21727 krb5_1.18.3-6+deb11u8_amd64.buildinfo
Files:
 0d968def8becc3031f1a60524c396e8d 3839 net optional krb5_1.18.3-6+deb11u8.dsc
 b44d9037eb347522c9d327312f931445 121824 net optional krb5_1.18.3-6+deb11u8.debian.tar.xz
 a22b4e6178fafeeaf16b2d3f96071372 21727 net optional krb5_1.18.3-6+deb11u8_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEE3lnVbvHK7ir4q61+p3sXeEcY/EFAmoXPEwSHGVhbWFudUBk
ZWJpYW4ub3JnAAoJEPqd7F3hHGPxIeUP/2hyDlLn74PqiaF4NYGFl5SI9a28HPOs
+IdSx6CobeAkqqWR5lJ5WULL/d6iPIM8rJlVrHMVXRvQnj/8Qy/5JoXfzHBWG8Zr
3CCvFUD6jrs4olp7xc6TQ2yNQc3hPDaCf2MOFv0AWSDDoV6ofA9gURzigYmGZ5Ym
KTIMNDJ+x3y1oKARgaRB3RQs+zeG8YZuEsnfmn01TR5sf1TtfinN075S1IRlXyFQ
hS3uDtpZpFw/3Jj8oil7RNhyOQtHLiXmergDVcDzL2tbKZcZPYh5LX+gWLkX2xkd
y1xhsrrRKXQ/HoiyyN79MKjlWvF5LiDhPg972OviF9KcvjecRwCyEjLCsXLV43jR
eN9f4eTwLm+Y8HMshd14yQtP+KxSxpQJkN5n14wMtk+ote/ueXyJP9Vb97FMPxrt
ilOEyvewRwO2YI46dOKC0X5T7zlPjHPlEMY93jcq23F5g6H3tIfB9kkszFlrHXEx
0/9lzfalXMWL9BW/+u+iQTnQCdje9REQTSaBdAXmeUL/e0IItxOx0btwUcTfIEJu
QLNcMGEIi8pX2Q9FqJb7kOgt/59Qs6WGAXDKOAKpiQNv7EedBjYtC6vSJrWXwyaJ
ybmauhBK4FijmG85aatfVmZJ7Gr8kF1d90AImPgE57cQ5taSl636A8dyefn/Aw01
2ENwuiAx+2ev
=nwnu
-----END PGP SIGNATURE-----

News for package krb5