On 9/1/25 03:02, Ankit Srivastava via Kerberos wrote:
Hi Team, While reviewing Kerberos 1.22.1 release note[...] I have found CVE claim [...] But the same has not been mentioned in 1.22 !
I'm not sure what this means. The release notes in the (withdrawn) krb5-1.22 tarball can't be changed.
So, does it impact on the user who is using krb5.1.21.3 or prior releases or only the impact on user who has krb5.1.22 ?
Only 1.22 is impacted. Prior releases never had this bug, and 1.22.1 fixes it.
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
