reopen 702633
thanks
The changelog entry for krb5 1.10.1+dfsg-4+nmu1 mentions the CVE number
2013-1016; this vulnerability is actually cve-2012-1016 (note 2012 instead
of 2013).
I don't see a debian-security-announce mail yet, so hopefully the typo
will not be promulgated there.
-Ben
On Tue, 2013-03-19 at 15:47 -0400, Benjamin Kaduk wrote:
reopen 702633
Why? Do you believe that the 1.10.1+dfsg-4+nmu1 package does not contain
a fix for this bug?
If the answer to my first question is because it's not fixed in stable
yet, then the re-opening was incorrect, as the actual effect
On Tue, 19 Mar 2013, Adam D. Barratt wrote:
On Tue, 2013-03-19 at 15:47 -0400, Benjamin Kaduk wrote:
reopen 702633
Why? Do you believe that the 1.10.1+dfsg-4+nmu1 package does not contain
a fix for this bug?
The changelog entry for 1.10.1+dfsg-4+nmu1 mentions the wrong CVE number,
and as
Control: fixed -1 1.10.1+dfsg-4+nmu1
On Tue, 2013-03-19 at 16:04 -0400, Benjamin Kaduk wrote:
On Tue, 19 Mar 2013, Adam D. Barratt wrote:
On Tue, 2013-03-19 at 15:47 -0400, Benjamin Kaduk wrote:
reopen 702633
Why? Do you believe that the 1.10.1+dfsg-4+nmu1 package does not contain
a
Hi Benjamin
On Tue, Mar 19, 2013 at 04:04:59PM -0400, Benjamin Kaduk wrote:
On Tue, 19 Mar 2013, Adam D. Barratt wrote:
On Tue, 2013-03-19 at 15:47 -0400, Benjamin Kaduk wrote:
reopen 702633
Why? Do you believe that the 1.10.1+dfsg-4+nmu1 package does not contain
a fix for this bug?
tags 702633 + patch
thanks
Hello,
After checking the source code, this part of the code does not seem to
have changed between 1.10.1 and 1.10.4, so AFAIU this bug affects at
least the version available in testing and unstable. The current code
is:
if ((rep9 != NULL
Package: src:krb5
Version: 1.10.1+dfsg-4
Severity: serious
Tags: security
Dear kerberos maintainers,
I noticed that your recent upload of 1.10.1+dfsg-4 fixed CVE-2013-1415,
but it does not say anything about CVE-2012-1016. Those two
vulnerabilities were fixed in the same upstream release 1.10.4.
7 matches
Mail list logo
