2004-002-patch_1.2.7.txt
http://web.mit.edu/kerberos/advisories/2004-002-patch_1.2.7.txt
The associated detached PGP signature is at:
http://web.mit.edu/kerberos/advisories/2004-002-patch_1.2.7.txt.asc
I find that the PGP signature doesn't verify. Is anyone
On Wed, Sep 01, 2004 at 08:19:33AM -0700, Mike Friedman wrote:
2004-002-patch_1.2.7.txt
http://web.mit.edu/kerberos/advisories/2004-002-patch_1.2.7.txt
The associated detached PGP signature is at:
*** WARNING ***
I'm going to start an exchange to try to determine whether Mike has the
correct bits and why he can't verify the signature. It should be noted
that this entire exchange is occuring over unprotected email, and so it is
a bad idea to rely on statements made by either of us like
On Wed, 1 Sep 2004 at 13:44 (-0300), Andreas wrote:
On Wed, Sep 01, 2004 at 08:19:33AM -0700, Mike Friedman wrote:
2004-002-patch_1.2.7.txt
http://web.mit.edu/kerberos/advisories/2004-002-patch_1.2.7.txt
The associated detached PGP signature is at:
On Wed, Sep 01, 2004 at 10:06:49AM -0700, Mike Friedman wrote:
I have no trouble verifying the asn1 (MITKRB5-SA-2004-003) patch with PGP.
Why can't I get -002 to verify?
Any other ideas? I'm doing this on Solaris 8, using PGP 6.5.8.
Well, I'm using gnupg. Perhaps there is some
On 01-Sep-2004, Mike Friedman [EMAIL PROTECTED] wrote:
2004-002-patch_1.2.7.txt
http://web.mit.edu/kerberos/advisories/2004-002-patch_1.2.7.txt
The associated detached PGP signature is at:
http://web.mit.edu/kerberos/advisories/2004-002-patch_1.2.7.txt.asc
--On Wednesday, September 01, 2004 17:25:59 + Mike Friedman
[EMAIL PROTECTED] wrote:
I have no trouble verifying the asn1 (MITKRB5-SA-2004-003) patch with PGP.
Why can't I get -002 to verify?
Any other ideas? I'm doing this on Solaris 8, using PGP 6.5.8.
It appears as though pgp 6 does
On Wed, 1 Sep 2004 at 15:00 (-0400), Chaskiel M Grundman wrote:
It appears that gnupg removes trailing blanks from every line, and pgp6
does not. The following scriptlet will convert one of these patch files
into a form that pgp 6.5.8/linux is able to verify for me:
perl -ne
-BEGIN PGP SIGNED MESSAGE-
MIT krb5 Security Advisory 2004-002
Original release: 2004-08-31
Topic: double-free vulnerabilities in KDC and libraries
Severity: CRITICAL
SUMMARY
===
The MIT Kerberos 5 implementation's Key Distribution Center (KDC)
program contains a
On Tue, 31 Aug 2004 at 14:29 (-0400), Tom Yu wrote:
+ If you are running krb5-1.2 through krb5-1.2.7, and have not
applied the patches to disable krb4 cross-realm functionality,
apply 2004-002-patch_1.2.7.txt.
I just downloaded the above patch and the corresponding detached
10 matches
Mail list logo