Format: 1.8
Date: Mon, 15 Feb 2016 15:49:06 -0500
Source: krb5
Binary: krb5-user krb5-kdc krb5-kdc-ldap krb5-admin-server krb5-kpropd
 krb5-multidev libkrb5-dev libkrb5-dbg krb5-pkinit krb5-otp krb5-k5tls
 krb5-doc libkrb5-3 libgssapi-krb5-2 libgssrpc4 libkadm5srv-mit10
 libkadm5clnt-mit10 libk5crypto3 libkdb5-8 libkrb5support0 libkrad0
 krb5-gss-samples krb5-locales libkrad-dev
Architecture: source amd64 all
Version: 1.14+dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Sam Hartman <hartmans@debian.org>
Description:
 krb5-admin-server - MIT Kerberos master server (kadmind)
 krb5-doc - Documentation for MIT Kerberos
 krb5-gss-samples - MIT Kerberos GSS Sample applications
 krb5-k5tls - TLS plugin for MIT Kerberos
 krb5-kdc - MIT Kerberos key server (KDC)
 krb5-kdc-ldap - MIT Kerberos key server (KDC) LDAP plugin
 krb5-kpropd - MIT Kerberos key server (KDC)
 krb5-locales - Internationalization support for MIT Kerberos
 krb5-multidev - Development files for MIT Kerberos without Heimdal conflict
 krb5-otp - OTP plugin for MIT Kerberos
 krb5-pkinit - PKINIT plugin for MIT Kerberos
 krb5-user - Basic programs to authenticate using MIT Kerberos
 libgssapi-krb5-2 - MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
 libgssrpc4 - MIT Kerberos runtime libraries - GSS enabled ONCRPC
 libk5crypto3 - MIT Kerberos runtime libraries - Crypto Library
 libkadm5clnt-mit10 - MIT Kerberos runtime libraries - Administration Clients
 libkadm5srv-mit10 - MIT Kerberos runtime libraries - KDC and Admin Server
 libkdb5-8 - MIT Kerberos runtime libraries - Kerberos database
 libkrad-dev - MIT Kerberos RADIUS Library Development
 libkrad0 - MIT Kerberos runtime libraries - RADIUS library
 libkrb5-3 - MIT Kerberos runtime libraries
 libkrb5-dbg - Debugging files for MIT Kerberos
 libkrb5-dev - Headers and development libraries for MIT Kerberos
 libkrb5support0 - MIT Kerberos runtime libraries - Support library
Closes: 708175 775277 812131 813126 813127 813296 815677
Changes:
 krb5 (1.14+dfsg-1) experimental; urgency=medium
 .
   * New upstream version, Closes: #812131
   * Apply upstream patches:
     - upstream/0010-Fix-mechglue-gss_acquire_cred_impersonate_name.patch
     - 0011-Correctly-use-k5_wrapmsg-in-ldap_principal2.c.patch
     - upstream/0012-Set-TL_DATA-mask-flag-for-master-key-operations.patch
     - upstream/0013-Check-context-handle-in-gss_export_sec_context.patch
     - upstream/0014-Check-internal-context-on-init-context-errors.patch
     - upstream/0015-Fix-interposed-gss_accept_sec_context.patch
     - upstream/0016-Work-around-uninitialized-warning-in-cc_kcm.c.patch
     - upstream/0017-Increase-hostname-length-in-ipropd_svc.c.patch
     - upstream/0018-Make-ksu-work-with-prompting-clpreauth-modules.patch
     - upstream/0019-Fix-memory-leak-in-SPNEGO-gss_init_sec_context.patch
     - upstream/0020-Fix-EOF-check-in-kadm5.acl-line-processing.patch
     - upstream/0021-Fix-iprop-server-stub-error-management.patch
     - upstream/0022-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
     - upstream/0023-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
     - upstream/0024-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
     - Use blocking lock for db promote, Closes: #815677
   * Verify decoded kadmin C strings [CVE-2015-8629]
     CVE-2015-8629: An authenticated attacker can cause kadmind to read
     beyond the end of allocated memory by sending a string without a
     terminating zero byte. Information leakage may be possible for an
     attacker with permission to modify the database. (Closes: #813296)
   * Check for null kadm5 policy name [CVE-2015-8630]
     CVE-2015-8630: An authenticated attacker with permission to modify a
     principal entry can cause kadmind to dereference a null pointer by
     supplying a null policy value but including KADM5_POLICY in the mask.
     (Closes: #813127)
   * Fix leaks in kadmin server stubs [CVE-2015-8631]
     CVE-2015-8631: An authenticated attacker can cause kadmind to leak
     memory by supplying a null principal name in a request which uses one.
     Repeating these requests will eventually cause kadmind to exhaust all
     available memory. (Closes: #813126)
 .
   * Remove all references to libkrb53, Closes: #708175
   * Merge patch for kpropd service, introducing a new stub package for
     now that will contain the binaries in stretch+1. We don't want to
     move the binaries now because we'd either break existing
     installations or we'd need krb5-kdc to depend on the new package,
     which would cause kpropd to start in cases where we don't want it,
     thanks Mark Proehl and Michael Weiser, Closes: #775277