>>>>> "Salvatore" == Salvatore Bonaccorso <car...@debian.org> writes:
Salvatore> We were originally thinking so (and Moritz added krb5 to
Salvatore> the DSA needed list), as at least for 32bit architectures
Salvatore> it might be possible to go beyond denial of service and
Salvatore> potentially leading to remote code execution. But if your
Salvatore> assessment on the issue makes you confident it's not DSA
Salvatore> worthy we can re-evaluate.

So, looking at the code and the upstream advisory, it looks like the information exposure vulnerability with cross-realm trust applies to 64-bit arches too.

Anyway I've fixed for unstable.

I have a proposed fix for bullseye on the bullseye branch of https://salsa.debian.org/debian/krb5. Can you take a look and see if I did that right? Do you want me to upload that, or would you rather upload to the security queue?