Attaching details in a moment.
Created attachment 145336 [details]
Created attachment 145337 [details]
I'll rate this classified because MIT asked not to publish their drafts.
Markus, please prepare an ebuild using the patches inside the two advisories and attach it to this bug. Do not commit anything to CVS or make details about this vulnerability public.
In case you attach ebuilds, please include the patches mentioned in bug 199205.
Seeing that this will become public today, we might as well bump to the new release which will include patches for all these vulnerabilities.
Created attachment 146508 [details, diff]
Created attachment 146509 [details, diff]
Created attachment 146510 [details, diff]
Created attachment 146511 [details]
Created attachment 146512 [details]
also whoever sent those advisories in, please break a bone there for sending in patches with broken whitespaces... could have done something else than this the last 1 1/2 hours ;)
(as sent to me by rbu)
Arch Security Liaisons, please test the attached ebuild and report it
stable on this bug.
Target keywords : "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 release
s390 sh sparc x86"
CC'ing current Liaisons:
alpha : ferdy
amd64 : welp
hppa : jer
ppc : dertobi123
ppc64 : corsair
release : pva
sparc : fmccor
x86 : opfer
Debian just released DSA 1524-1, so i guess we can this opened and committet.
okay, update... scratch the 1.5 release. a fellow just updated servers and all work fine with 1.6, so we can go straight to that version
okay, this is public now, so removing sec liaisons, adding arches, and filing GLSA request. if everyone's responsive enough, we shouldn't be too late :)
target for stabilisation is app-crypt/mit-krb5-1.6.3, just commited by jokey. keywords "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86"
(In reply to comment #16)
> if everyone's responsive enough, we shouldn't be too late :)
OK, here goes:
> target for stabilisation is app-crypt/mit-krb5-1.6.3, just commited by jokey.
It hasn't been committed yet! :)
(In reply to comment #17)
> It hasn't been committed yet! :)
Ah, it's there now.
fixing priority which i set back to p2 for whatever reason ...
Stable for HPPA.
app-crypt/mit-krb5-1.6.3 stable on ppc64
Stable on amd64/arm