Dear Greg Hudson, I hope this message finds you well.
I am writing to inquire about the current status and expected timeline for addressing the CVE identified in the krb5 software. Our team needs to understand when a fix for this vulnerability will be available in an upcoming release to plan our security updates accordingly. I can see that commit c5f9c816107f70139de11b38aa02db2f1774ee0d <https://github.com/krb5/krb5/commit/c5f9c816107f70139de11b38aa02db2f1774ee0d> includes the fix for CVE NVD - CVE-2024-26461<https://nvd.nist.gov/vuln/detail/CVE-2024-26461>. However, these changes are not yet included in the latest krb5 release, which is 1.21.3 (krb5-1.21.3-final <https://github.com/krb5/krb5/tree/krb5-1.21.3-final> ). Could you please provide more details on the targeted release version and date for the fix? Your assistance in this matter is highly appreciated as it will help us ensure the security and stability of our systems. I look forward to your prompt response. Thank you for your attention and cooperation. Best regards, Shawn Zhang (he/him) Senior Principal Engineer, Protocol Dell Technologies | Unstructured & Secondary Storage [email protected]<mailto:[email protected]> Internal Use - Confidential ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
