Package: krb5 Version: 1.8+dfsg~alpha1-7 Severity: grave Tags: security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for krb5. CVE-2010-0628[0]: | The spnego_gss_accept_sec_context function in | lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in | MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows | remote attackers to cause a denial of service (assertion failure and | daemon crash) via an invalid packet that triggers incorrect | preparation of an error token. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0628 http://security-tracker.debian.org/tracker/CVE-2010-0628 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkuvwzgACgkQNxpp46476apSagCfbj0ouyXv6uz8gDdtq9uYC+xm PmYAoJcaMNl/MUL0640VxwW4yZByKIjq =0mge -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
