Debian Package Tracker

general

source: heimdal (main)
version: 7.7.0+dfsg-1
maintainer: Brian May (DMD)
uploaders: Dominik George [DMD]
arch: all any
std-ver: 4.1.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.6~rc2+dfsg-9+deb8u1
o-o-sec: 1.6~rc2+dfsg-9+deb8u1
oldstable: 7.1.0+dfsg-13+deb9u3
old-sec: 7.1.0+dfsg-13+deb9u3
stable: 7.5.0+dfsg-3
testing: 7.7.0+dfsg-1
unstable: 7.7.0+dfsg-1

versioned links

1.6~rc2+dfsg-9+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.1.0+dfsg-13+deb9u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.5.0+dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.7.0+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

heimdal-clients (7 bugs: 0, 7, 0, 0)
heimdal-dev
heimdal-docs
heimdal-kcm (1 bugs: 0, 1, 0, 0)
heimdal-kdc (7 bugs: 0, 5, 2, 0)
heimdal-multidev (3 bugs: 0, 2, 1, 0)
heimdal-servers
libasn1-8-heimdal
libgssapi3-heimdal
libhcrypto4-heimdal
libhdb9-heimdal (1 bugs: 0, 1, 0, 0)
libheimbase1-heimdal
libheimntlm0-heimdal
libhx509-5-heimdal
libkadm5clnt7-heimdal
libkadm5srv8-heimdal
libkafs0-heimdal
libkdc2-heimdal
libkrb5-26-heimdal (1 bugs: 0, 1, 0, 0)
libotp0-heimdal
libroken18-heimdal
libsl0-heimdal
libwind0-heimdal

action needed

3 bugs tagged patch in the BTS normal

The BTS contains patches fixing 3 bugs, consider including or untagging them.

Created: 2019-04-01 Last update: 2020-02-17 03:31

Multiarch hinter reports 2 issue(s) normal

There are issues with the multiarch metadata for this package.

heimdal-docs could be marked Multi-Arch: foreign
heimdal-dev could be marked Multi-Arch: same

Created: 2016-09-14 Last update: 2020-02-16 23:07

RFH: The maintainer is looking for help with this package. normal

The current maintainer is looking for someone who can help with the maintenance of this package. If you are interested in this package, please consider helping out. One way you can help is offer to be a co-maintainer or triage bugs in the BTS. Please see bug number #849325 for more information.

Created: 2017-12-02 Last update: 2017-12-02 00:26

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2014-07-02 Last update: 2020-01-14 21:00

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2019-14870: All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.

Please fix it.

Created: 2019-12-11 Last update: 2020-01-05 06:35

4 ignored security issues in jessie low

There are 4 open security issues in jessie.

4 issues skipped by the security teams:

CVE-2019-14870: All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.
CVE-2018-16860: A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.
CVE-2017-6594: The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.
CVE-2019-12098: In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

Please fix them.

Created: 2017-04-10 Last update: 2020-01-05 06:35

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2019-14870: All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.

Please fix it.

Created: 2019-12-11 Last update: 2020-01-05 06:35

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.1.2).

Created: 2018-04-16 Last update: 2020-01-21 05:06

news

[rss feed]

[2020-01-05] heimdal 7.7.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2019-12-22] Accepted heimdal 7.7.0+dfsg-1 (source) into unstable (Brian May)
[2019-06-07] Accepted heimdal 7.1.0+dfsg-13+deb9u3 (source i386 all) into proposed-updates->stable-new, proposed-updates (Brian May)
[2019-06-03] Accepted heimdal 7.1.0+dfsg-13+deb9u3 (source i386 all) into stable->embargoed, stable (Brian May)
[2019-05-29] heimdal 7.5.0+dfsg-3 MIGRATED to testing (Debian testing watch)
[2019-05-27] Accepted heimdal 7.5.0+dfsg-3 (source) into unstable (Brian May)
[2018-11-18] heimdal 7.5.0+dfsg-2.1 MIGRATED to testing (Debian testing watch)
[2018-11-12] Accepted heimdal 7.5.0+dfsg-2.1 (source) into unstable (Hilko Bengen)
[2018-06-07] heimdal 7.5.0+dfsg-2 MIGRATED to testing (Debian testing watch)
[2018-06-02] Accepted heimdal 7.5.0+dfsg-2 (source i386 all) into unstable (Brian May)
[2017-12-17] heimdal 7.5.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2017-12-15] Accepted heimdal 7.5.0+dfsg-1 (source amd64 all) into unstable (Dominik George)
[2017-12-09] Accepted heimdal 7.1.0+dfsg-13+deb9u2 (source i386 all) into proposed-updates->stable-new, proposed-updates (Dominik George) (signed by: Thorsten Glaser)
[2017-07-28] heimdal 7.4.0.dfsg.1-2 MIGRATED to testing (Debian testing watch)
[2017-07-23] Accepted heimdal 7.4.0.dfsg.1-2 (source i386 all) into unstable (Brian May)
[2017-07-17] heimdal 7.4.0.dfsg.1-1 MIGRATED to testing (Debian testing watch)
[2017-07-16] Accepted heimdal 1.6~rc2+dfsg-9+deb8u1 (all source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Salvatore Bonaccorso)
[2017-07-16] Accepted heimdal 7.1.0+dfsg-13+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2017-07-15] Accepted heimdal 7.4.0.dfsg.1-1 (source i386 all) into unstable (Brian May)
[2017-07-14] Accepted heimdal 1.6~git20120403+dfsg1-2+deb7u1 (source all amd64) into oldoldstable (Guido Günther)
[2017-05-01] heimdal 7.1.0+dfsg-13 MIGRATED to testing (Debian testing watch)
[2017-04-26] Accepted heimdal 7.1.0+dfsg-13 (source amd64 all) into unstable (Brian May)
[2017-04-16] heimdal 7.1.0+dfsg-12 MIGRATED to testing (Debian testing watch)
[2017-04-14] Accepted heimdal 7.1.0+dfsg-12 (source i386 all) into unstable (Brian May)
[2017-04-10] heimdal 7.1.0+dfsg-11 MIGRATED to testing (Debian testing watch)
[2017-04-08] Accepted heimdal 7.1.0+dfsg-11 (source i386 all) into unstable (Brian May)
[2017-04-08] Accepted heimdal 7.1.0+dfsg-10 (source i386 all) into unstable (Brian May)
[2017-01-20] heimdal 7.1.0+dfsg-9 MIGRATED to testing (Debian testing watch)
[2017-01-09] Accepted heimdal 7.1.0+dfsg-9 (source amd64 all) into unstable (Jelmer Vernooĳ)
[2017-01-08] Accepted heimdal 7.1.0+dfsg-8 (source amd64 all) into experimental (Jelmer Vernooĳ)

bugs [bug history graph]

all: 29
RC: 1
I&N: 22
M&W: 6
F&P: 0
patch: 3

links

homepage
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 7.7.0+dfsg-1
11 bugs