Attaching details in a moment.
Created attachment 145336 [details] MITKRB5-SA-2008-001
Created attachment 145337 [details] MITKRB5-SA-2008-002
I'll rate this classified because MIT asked not to publish their drafts.
Markus, please prepare an ebuild using the patches inside the two advisories and attach it to this bug. Do not commit anything to CVS or make details about this vulnerability public.
Adding Wulf.
In case you attach ebuilds, please include the patches mentioned in bug 199205. Seeing that this will become public today, we might as well bump to the new release which will include patches for all these vulnerabilities.
Created attachment 146508 [details, diff] 1.5-MITKRB5-SA-2008-001.patch
Created attachment 146509 [details, diff] 1.6-MITKRB5-SA-2008-001.patch
Created attachment 146510 [details, diff] MITKRB5-SA-2008-002.patch
Created attachment 146511 [details] mit-krb5-1.5.3-r2.ebuild
Created attachment 146512 [details] mit-krb5/mit-krb5-1.6.3.ebuild
also whoever sent those advisories in, please break a bone there for sending in patches with broken whitespaces... could have done something else than this the last 1 1/2 hours ;)
(as sent to me by rbu) Arch Security Liaisons, please test the attached ebuild and report it stable on this bug.
Target keywords: "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 release s390 sh sparc x86"
CC'ing current Liaisons:
alpha : ferdy
amd64 : welp
hppa : jer
ppc : dertobi123
ppc64 : corsair
release : pva
sparc : fmccor
x86 : opfer
Debian just released DSA 1524-1, so I guess we can get this opened and committed.
okay, update... scratch the 1.5 release. a fellow just updated servers and all work fine with 1.6, so we can go straight to that version
okay, this is public now, so removing sec liaisons, adding arches, and filing GLSA request. if everyone's responsive enough, we shouldn't be too late :) target for stabilisation is app-crypt/mit-krb5-1.6.3, just committed by jokey. keywords "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86"
(In reply to comment #16)
> if everyone's responsive enough, we shouldn't be too late :)
OK, here goes:
> target for stabilisation is app-crypt/mit-krb5-1.6.3, just committed by jokey.
It hasn't been committed yet! :)
ppc stable
(In reply to comment #17)
> It hasn't been committed yet! :)
Ah, it's there now.
fixing priority which i set back to p2 for whatever reason ...
Stable for HPPA.
public via
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt
x86 stable
app-crypt/mit-krb5-1.6.3 stable on ppc64
alpha/ia64/sparc stable
Stable on amd64/arm
GLSA 200803-31