Sync krb5 1.8.1+dfsg-2 (main) from Debian unstable (main)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
krb5 (Ubuntu) |
Confirmed
|
Wishlist
|
Unassigned |
Bug Description
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
affects ubuntu/krb5
status confirmed
importance wishlist
subscribe ubuntu-archive
done
Please sync krb5 1.8.1+dfsg-2 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
krb5 has some ABI issues in 1.8, and are fixed in 1.8.1. We should use
1.8.1 for Lucid. Since upstream krb5 tends to be very stable, I think
this is worth the risk of regression.
Changelog entries since current lucid version 1.8+dfsg~
krb5 (1.8.1+dfsg-2) unstable; urgency=high
* Fix crash in renewal and validation, Thanks Joel Johnson for such a
prompt bug report, Closes: #577490
-- Sam Hartman <email address hidden> Mon, 12 Apr 2010 13:08:35 -0400
krb5 (1.8.1+dfsg-1) unstable; urgency=high
* New upstream release
* Fixes significant ABI incompatibility between Heimdal and MIT in the
init_creds_step API; backward incompatible change in the meaning of
the flags API. Since this was introduced in 1.8 and since no better
solution was found, it's felt that getting 1.8.1 out everywhere that
had 1.8 very promptly is the right approach. Otherwise software build
against 1.8 will be broken in the future.
* Testing of Kerberos 1.8 showed an incompatibility between Heimdal/MIT
Kerberos and Microsoft Kerberos; resolve this incompatibility. As a
result, mixing KDCs between 1.8 and 1.8.1 in the same realm may
produce undesirable results for constrained delegation. Again,
another reason to replace 1.8 with 1.8.1 as soon as possible.
* Acknowledge security team upload, thanks for picking up the slack and
sorry it was necessary
-- Sam Hartman <email address hidden> Sun, 11 Apr 2010 10:12:59 -0400
krb5 (1.8+dfsg-1.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fixed CVE-2010-0628: denial of service (assertion failure and daemon crash)
via an invalid packet that triggers incorrect preparation of an error
token. (Closes: 575740)
* Makes src/slave/kpropd.c ISO C90 compliant (Closes: #574703)
-- Giuseppe Iuculano <email address hidden> Fri, 09 Apr 2010 19:11:50 +0200
krb5 (1.8+dfsg-1) unstable; urgency=low
* New upstream version
* Include new upstream notice file in docs
* Update symbols files
* Include upstream ticket 6676: fix handling of cross-realm tickets
issued by W2K8R2
* Add ipv6 support to kprop, Michael Stapelberg, Closes: #549476
* New Brazilian Portuguese translations, Thanks Eder L. Marques,
Closes: #574149
-- Sam Hartman <email address hidden> Wed, 17 Mar 2010 15:51:54 -0400
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Kees Cook <email address hidden>
iEYEARECAAYFAkv
daEAnAu1Y5V9xz5
=i9Xn
-----END PGP SIGNATURE-----