Your message dated Tue, 31 Jul 2012 15:30:13 -0400
with message-id <[email protected]>
and subject line Re: [SPAM] Bug#683429: CVE-2012-1014/CVE-2012-1015: KDC heap
corruption and crash vulnerabilities
has caused the Debian Bug report #683429,
regarding CVE-2012-1014/CVE-2012-1015: KDC heap corruption and crash
vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
683429: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683429
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: krb5
Version: 1.8.3+dfsg-4squeeze5
Severity: important
Tags: security
Original report in here: http://seclists.org/bugtraq/2012/Jul/171
I haven't verified this manually in Debian-packages. Please ask if you need me
to do it, thanks.
-- System Information:
Debian Release: 6.0.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.4.1 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
source: krb5
source-version: 1.8.3+dfsg-4squeeze6
I expect the security team will be issuing a DSA within a couple of
days.
Also, for unstable, fixed in 1.10.1+dfsg-2
The uploads happened before you opened the bug so they are not reflected
in the changelog.
Note that squeeze is vulnerable only to one of the two CVEs.
--- End Message ---
