Debian Package Tracker

general

source: krb5 (main)
version: 1.17-7
maintainer: Sam Hartman (DMD)
uploaders: Russ Allbery [DMD] – Benjamin Kaduk [DMD]
arch: all any
std-ver: 4.1.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.12.1+dfsg-19+deb8u4
o-o-sec: 1.12.1+dfsg-19+deb8u5
oldstable: 1.15-1+deb9u1
stable: 1.17-3
testing: 1.17-7
unstable: 1.17-7

versioned links

1.12.1+dfsg-19+deb8u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.12.1+dfsg-19+deb8u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.15-1+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.17-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.17-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

krb5-admin-server (5 bugs: 0, 4, 1, 0)
krb5-doc (2 bugs: 0, 1, 1, 0)
krb5-gss-samples
krb5-k5tls
krb5-kdc
krb5-kdc-ldap (1 bugs: 0, 1, 0, 0)
krb5-kpropd (1 bugs: 0, 1, 0, 0)
krb5-locales
krb5-multidev (1 bugs: 0, 0, 1, 0)
krb5-otp
krb5-pkinit
krb5-user (5 bugs: 0, 0, 5, 0)
libgssapi-krb5-2 (2 bugs: 0, 2, 0, 0)
libgssrpc4
libk5crypto3
libkadm5clnt-mit11
libkadm5srv-mit11
libkdb5-9
libkrad-dev
libkrad0
libkrb5-3 (3 bugs: 0, 2, 1, 0)
libkrb5-dbg
libkrb5-dev (1 bugs: 0, 0, 1, 0)
libkrb5support0 (1 bugs: 0, 1, 0, 0)

action needed

A new upstream version is available: 1.18 high

A new upstream version 1.18 is available, you should consider packaging it.

Created: 2019-12-15 Last update: 2020-04-05 17:36

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs (3 if counting merged bugs), consider including or untagging them.

Created: 2020-02-26 Last update: 2020-04-05 19:01

Multiarch hinter reports 2 issue(s) normal

There are issues with the multiarch metadata for this package.

krb5-doc could be marked Multi-Arch: foreign
libkrad-dev could be marked Multi-Arch: same

Created: 2016-09-14 Last update: 2020-04-05 18:01

2 ignored security issues in jessie low

There are 2 open security issues in jessie.

2 issues skipped by the security teams:

CVE-2017-11462: Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
CVE-2018-5710: An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.

Please fix them.

Created: 2015-07-12 Last update: 2020-03-26 05:33

5 ignored security issues in stretch low

There are 5 open security issues in stretch.

5 issues skipped by the security teams:

CVE-2018-5730: MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
CVE-2018-5729: MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.
CVE-2017-11462: Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
CVE-2018-5710: An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.
CVE-2018-20217: A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.

Please fix them.

Created: 2017-07-22 Last update: 2020-03-26 05:33

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2017-10-26 Last update: 2017-10-26 07:22

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.1.1).

Created: 2018-01-18 Last update: 2020-03-24 02:05

news

[rss feed]

[2020-03-26] krb5 1.17-7 MIGRATED to testing (Debian testing watch)
[2020-03-23] Accepted krb5 1.17-7 (source) into unstable (Sam Hartman)
[2019-08-04] krb5 1.17-6 MIGRATED to testing (Debian testing watch)
[2019-08-01] Accepted krb5 1.17-6 (source) into unstable (Sam Hartman)
[2019-07-20] krb5 1.17-5 MIGRATED to testing (Debian testing watch)
[2019-07-17] Accepted krb5 1.17-5 (source) into unstable (Sam Hartman)
[2019-07-16] krb5 1.17-4 MIGRATED to testing (Debian testing watch)
[2019-07-09] Accepted krb5 1.17-4 (source) into unstable (Sam Hartman)
[2019-06-21] krb5 1.17-3 MIGRATED to testing (Debian testing watch)
[2019-06-18] Accepted krb5 1.17-3 (source) into unstable (Sam Hartman)
[2019-03-08] krb5 1.17-2 MIGRATED to testing (Debian testing watch)
[2019-02-25] Accepted krb5 1.17-2 (all amd64 source) into unstable (Sam Hartman)
[2019-01-25] Accepted krb5 1.12.1+dfsg-19+deb8u5 (source all amd64) into oldstable (Thorsten Alteholz)
[2019-01-21] krb5 1.17-1 MIGRATED to testing (Debian testing watch)
[2019-01-13] Accepted krb5 1.17-1 (all amd64 source) into unstable (Sam Hartman)
[2019-01-03] krb5 1.16.2-1 MIGRATED to testing (Debian testing watch)
[2018-12-31] Accepted krb5 1.16.2-1 (source) into unstable (Sam Hartman)
[2018-10-09] krb5 1.16.1-1 MIGRATED to testing (Debian testing watch)
[2018-10-03] Accepted krb5 1.16.1-1 (source) into unstable (Sam Hartman)
[2018-01-31] Accepted krb5 1.10.1+dfsg-5+deb7u9 (source all amd64) into oldoldstable (Markus Koschany)
[2018-01-26] krb5 1.16-2 MIGRATED to testing (Debian testing watch)
[2018-01-20] Accepted krb5 1.16-2 (source) into unstable (Sam Hartman)
[2018-01-18] Accepted krb5 1.16-1 (all amd64 source) into unstable, unstable (Sam Hartman)
[2017-11-03] krb5 1.15.2-2 MIGRATED to testing (Debian testing watch)
[2017-10-29] Accepted krb5 1.15.2-2 (source amd64 all) into unstable (Benjamin Kaduk)
[2017-10-25] Accepted krb5 1.15.2-1 (source amd64 all) into unstable (Benjamin Kaduk)
[2017-09-08] Accepted krb5 1.12.1+dfsg-19+deb8u4 (source all amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Sam Hartman)
[2017-08-14] Accepted krb5 1.10.1+dfsg-5+deb7u8 (source all amd64) into oldoldstable (Lucas Kanashiro)
[2017-08-12] Accepted krb5 1.15-1+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Sam Hartman)
[2017-07-26] krb5 1.15.1-2 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 25 28
RC: 0
I&N: 14 16
M&W: 11 12
F&P: 0
patch: 2 3

links

homepage
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
l10n (100, 100)
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.17-6ubuntu4
22 bugs (2 patches)
patches for 1.17-6ubuntu4