← Back to branch summary

~ubuntu-branches/ubuntu/dapper/krb5/dapper-updates

~ubuntu-branches/ubuntu/dapper/krb5/dapper-updates

« back to all changes in this revision

Viewing changes to debian/changelog

Committer: Bazaar Package Importer
Author(s): Kees Cook
Date: 2010-01-11 14:40:21 UTC
Revision ID: james.westby@ubuntu.com-20100111144021-54akl1okuud4tahn

Tags: 1.4.3-5ubuntu0.10

* SECURITY UPDATE: unauthenticated remote attacker can crash or
  compromise the KDC via flaws in AES and RC4 decryption (CVE-2009-4212).
  - debian/patches/MITKRB5-SA-2009-004 backported and applied inline.
  - http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt

files added:
debian/patches/MITKRB5-SA-2009-004

src/lib/crypto/t_short.c

files modified:
debian/changelog

src/lib/crypto/Makefile.in

src/lib/crypto/arcfour/arcfour.c

src/lib/crypto/dk/dk_decrypt.c

src/lib/crypto/enc_provider/aes.c

src/lib/crypto/old/old_decrypt.c

src/lib/crypto/raw/raw_decrypt.c

src/tests/asn.1/Makefile.in

src/util/db2/test/hash1.tests/testit

src/util/db2/test/run.test

Show diffs side-by-side

added added

removed removed

debian/changelog

1

krb5 (1.4.3-5ubuntu0.10) dapper-security; urgency=low

2

3

* SECURITY UPDATE: unauthenticated remote attacker can crash or

4

compromise the KDC via flaws in AES and RC4 decryption (CVE-2009-4212).

5

- debian/patches/MITKRB5-SA-2009-004 backported and applied inline.

6

- http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt

7

8

-- Kees Cook <kees@ubuntu.com> Mon, 11 Jan 2010 14:40:21 -0800

9

1

10

krb5 (1.4.3-5ubuntu0.8) dapper-security; urgency=low

2

11

3

12

* SECURITY UPDATE: denial of service via memory corruption.

Older »