[Git][security-tracker-team/security-tracker][master] Reserve DLA-2771-1 for krb5
Adrian Bunk (@bunk)
bunk at debian.org
Thu Sep 30 21:04:25 BST 2021
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
210740c6 by Adrian Bunk at 2021-09-30T23:04:09+03:00
Reserve DLA-2771-1 for krb5
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -182665,7 +182665,6 @@ CVE-2018-20218 (An issue was discovered on Teracue ENC-400 devices with firmware
CVE-2018-20217 (A Reachable Assertion issue was discovered in the KDC in MIT Kerberos ...)
{DLA-1643-1}
- krb5 1.16.2-1 (low; bug #917387)
- [stretch] - krb5 <no-dsa> (Minor issue)
NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763
NOTE: https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086
CVE-2018-20216 (QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c becaus ...)
@@ -230068,13 +230067,11 @@ CVE-2018-5731 (An issue was discovered in Heimdal PRO 2.2.190. As part of the sc
CVE-2018-5730 (MIT krb5 1.6 or later allows an authenticated kadmin with permission t ...)
{DLA-1643-1}
- krb5 1.16.1-1 (bug #891869)
- [stretch] - krb5 <no-dsa> (Minor issue)
[wheezy] - krb5 <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
CVE-2018-5729 (MIT krb5 1.6 or later allows an authenticated kadmin with permission t ...)
{DLA-1643-1}
- krb5 1.16.1-1 (bug #891869)
- [stretch] - krb5 <no-dsa> (Minor issue)
[wheezy] - krb5 <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
CVE-2018-5728 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to obta ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Sep 2021] DLA-2771-1 krb5 - security update
+ {CVE-2018-5729 CVE-2018-5730 CVE-2018-20217 CVE-2021-37750}
+ [stretch] - krb5 1.15-1+deb9u3
[30 Sep 2021] DLA-2770-1 weechat - security update
{CVE-2020-8955 CVE-2020-9759 CVE-2020-9760 CVE-2021-40516}
[stretch] - weechat 1.6-1+deb9u3
=====================================
data/dla-needed.txt
=====================================
@@ -51,9 +51,6 @@ firmware-nonfree
--
jsoup (Markus Koschany)
--
-krb5 (Adrian Bunk)
- NOTE: 20210905: testing fixes
---
linux (Ben Hutchings)
--
linux-4.19 (Ben Hutchings)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/210740c63e59d4ad1c2e1352139677b9b5f568f1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/210740c63e59d4ad1c2e1352139677b9b5f568f1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210930/4829cd73/attachment.htm>
More information about the debian-security-tracker-commits
mailing list