Format: 1.8
Date: Wed, 04 Nov 2015 22:05:10 -0500
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-otp krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit9 libkadm5clnt-mit9 libk5crypto3 libkdb5-7 libkrb5support0 libkrad0 krb5-gss-samples krb5-locales libkrad-dev
Architecture: all source
Version: 1.12.1+dfsg-19+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Benjamin Kaduk <kaduk@mit.edu>
Closes: 803083 803084 803088
Description:
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc - Documentation for MIT Kerberos
 krb5-gss-samples - MIT Kerberos GSS Sample applications
 krb5-kdc - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-locales - Internationalization support for MIT Kerberos
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-otp - OTP plugin for MIT Kerberos
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit9 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit9 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-7 - MIT Kerberos runtime libraries - Kerberos database
 libkrad-dev - MIT Kerberos RADIUS Library Development
 libkrad0 - MIT Kerberos runtime libraries - RADIUS library
 libkrb5-3 - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Changes:
 krb5 (1.12.1+dfsg-19+deb8u1) jessie-security; urgency=high
 .
   * Import upstream patches for four CVEs:
     - CVE-2015-2695: SPNEGO context aliasing during establishment,
       Closes: #803083
     - CVE-2015-2696: IAKERB context aliasing during establishment,
       Closes: #803084
     - CVE-2015-2697: unsafe string handling in TGS processing,
       Closes: #803088
     - CVE-2015-2698: regression (memory corruption) in patch for
       CVE-2015-2696
   * In addition to CVE-2015-2698, the upstream patches for CVE-2015-2695
     and CVE-2015-2696 introduced regressions preventing the use of
     gss_import_sec_context() with contexts established using IAKERB or
     SPNEGO; the fixes for those regressions are included here.