Author: Ubuntu Git Importer
Author Date: 2019-01-14 21:27:33 UTC

DSC file for 1.13.2+dfsg-5ubuntu2.1

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-11 15:48:01 UTC

Import patches-unapplied version 1.16-2ubuntu0.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: c221d89f3ca6e47f972ac69b1651bd7de6dd234b

New changelog entries:
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-11 15:46:00 UTC

Import patches-applied version 1.13.2+dfsg-5ubuntu2.1 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 9a5dbece3beb6f4875142e42ca3ae1d35a70185f
Unapplied parent: 420092c36aef6a484bc8622088f817d04624522b

New changelog entries:
  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
    modify a principal
    - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
      empty arg
    - CVE-2016-3119
  * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
    - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
      is restricted
    - CVE-2016-3120
  * SECURITY UPDATE: KDC assertion failure
    - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
      assertion failures
    - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
    - CVE-2017-11368
  * SECURITY UPDATE: Double free vulnerability
    - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
      failure
    - CVE-2017-11462
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-11 15:46:00 UTC

Import patches-unapplied version 1.13.2+dfsg-5ubuntu2.1 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 35d44280dcb40618dc55aa02e30029bd57d3d8c9

New changelog entries:
  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
    modify a principal
    - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
      empty arg
    - CVE-2016-3119
  * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
    - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
      is restricted
    - CVE-2016-3120
  * SECURITY UPDATE: KDC assertion failure
    - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
      assertion failures
    - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
    - CVE-2017-11368
  * SECURITY UPDATE: Double free vulnerability
    - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
      failure
    - CVE-2017-11462
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-11 15:49:38 UTC

Import patches-applied version 1.16-2ubuntu1.1 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 2f0c23c27c570e6013af097c086659cfd088ac61
Unapplied parent: 125f1145d021a15181fa647f0f87fa28f3e23fbf

New changelog entries:
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-11 15:46:00 UTC

Import patches-unapplied version 1.13.2+dfsg-5ubuntu2.1 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 35d44280dcb40618dc55aa02e30029bd57d3d8c9

New changelog entries:
  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
    modify a principal
    - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
      empty arg
    - CVE-2016-3119
  * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
    - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
      is restricted
    - CVE-2016-3120
  * SECURITY UPDATE: KDC assertion failure
    - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
      assertion failures
    - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
    - CVE-2017-11368
  * SECURITY UPDATE: Double free vulnerability
    - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
      failure
    - CVE-2017-11462
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-11 15:46:00 UTC

Import patches-applied version 1.13.2+dfsg-5ubuntu2.1 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 9a5dbece3beb6f4875142e42ca3ae1d35a70185f
Unapplied parent: 420092c36aef6a484bc8622088f817d04624522b

New changelog entries:
  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
    modify a principal
    - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
      empty arg
    - CVE-2016-3119
  * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
    - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
      is restricted
    - CVE-2016-3120
  * SECURITY UPDATE: KDC assertion failure
    - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
      assertion failures
    - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
    - CVE-2017-11368
  * SECURITY UPDATE: Double free vulnerability
    - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
      failure
    - CVE-2017-11462
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-11 15:49:38 UTC

Import patches-applied version 1.16-2ubuntu1.1 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 2f0c23c27c570e6013af097c086659cfd088ac61
Unapplied parent: 125f1145d021a15181fa647f0f87fa28f3e23fbf

New changelog entries:
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-11 15:48:01 UTC

Import patches-unapplied version 1.16-2ubuntu0.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: c221d89f3ca6e47f972ac69b1651bd7de6dd234b

New changelog entries:
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-11 15:49:38 UTC

Import patches-unapplied version 1.16-2ubuntu1.1 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 9a687314eb958bad4555652503eaafb3d64d9e4c

New changelog entries:
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-11 15:48:01 UTC

Import patches-unapplied version 1.16-2ubuntu0.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: c221d89f3ca6e47f972ac69b1651bd7de6dd234b

New changelog entries:
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-11 15:48:01 UTC

Import patches-applied version 1.16-2ubuntu0.1 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 45e6b99014cee93f4d040d29658cfedeaa0a8348
Unapplied parent: 0ec8af02950cadc8b3bdd8d392ca605d097c2df0

New changelog entries:
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-11 15:48:01 UTC

Import patches-applied version 1.16-2ubuntu0.1 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 45e6b99014cee93f4d040d29658cfedeaa0a8348
Unapplied parent: 0ec8af02950cadc8b3bdd8d392ca605d097c2df0

New changelog entries:
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-11 15:46:00 UTC

Import patches-applied version 1.13.2+dfsg-5ubuntu2.1 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 9a5dbece3beb6f4875142e42ca3ae1d35a70185f
Unapplied parent: 420092c36aef6a484bc8622088f817d04624522b

New changelog entries:
  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
    modify a principal
    - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
      empty arg
    - CVE-2016-3119
  * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
    - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
      is restricted
    - CVE-2016-3120
  * SECURITY UPDATE: KDC assertion failure
    - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
      assertion failures
    - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
    - CVE-2017-11368
  * SECURITY UPDATE: Double free vulnerability
    - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
      failure
    - CVE-2017-11462
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-11 15:49:38 UTC

Import patches-unapplied version 1.16-2ubuntu1.1 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 9a687314eb958bad4555652503eaafb3d64d9e4c

New changelog entries:
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-11 15:49:38 UTC

Import patches-unapplied version 1.16-2ubuntu1.1 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 9a687314eb958bad4555652503eaafb3d64d9e4c

New changelog entries:
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-11 15:46:00 UTC

Import patches-unapplied version 1.13.2+dfsg-5ubuntu2.1 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 35d44280dcb40618dc55aa02e30029bd57d3d8c9

New changelog entries:
  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
    modify a principal
    - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
      empty arg
    - CVE-2016-3119
  * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
    - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
      is restricted
    - CVE-2016-3120
  * SECURITY UPDATE: KDC assertion failure
    - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
      assertion failures
    - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
    - CVE-2017-11368
  * SECURITY UPDATE: Double free vulnerability
    - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
      failure
    - CVE-2017-11462
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-11 15:48:01 UTC

Import patches-applied version 1.16-2ubuntu0.1 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 45e6b99014cee93f4d040d29658cfedeaa0a8348
Unapplied parent: 0ec8af02950cadc8b3bdd8d392ca605d097c2df0

New changelog entries:
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-11 15:49:38 UTC

Import patches-applied version 1.16-2ubuntu1.1 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 2f0c23c27c570e6013af097c086659cfd088ac61
Unapplied parent: 125f1145d021a15181fa647f0f87fa28f3e23fbf

New changelog entries:
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Ubuntu Git Importer
Author Date: 2019-01-14 04:35:38 UTC

DSC file for 1.17-1

Author: Sam Hartman
Author Date: 2019-01-13 20:59:40 UTC

Import patches-applied version 1.17-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 5e4171f30f9536f7a4ac2dd27c05acd9ecf4c4fe
Unapplied parent: 4be5e70f6e326a0e62288cb4f8e34f67dbf5d18a

New changelog entries:
  * New Upstream release
  * Don't include all memory ccaches in ccache collection, avoids invalid
    mutex, Closes: #918088
  * The default path for the KDC database even without a config file is
    /var/lib/krb5kdc/principal, Closes: #777579

Author: Sam Hartman
Author Date: 2019-01-13 20:59:40 UTC

Import patches-applied version 1.17-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 5e4171f30f9536f7a4ac2dd27c05acd9ecf4c4fe
Unapplied parent: 4be5e70f6e326a0e62288cb4f8e34f67dbf5d18a

New changelog entries:
  * New Upstream release
  * Don't include all memory ccaches in ccache collection, avoids invalid
    mutex, Closes: #918088
  * The default path for the KDC database even without a config file is
    /var/lib/krb5kdc/principal, Closes: #777579

Author: Sam Hartman
Author Date: 2019-01-13 20:59:40 UTC

Import patches-applied version 1.17-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 5e4171f30f9536f7a4ac2dd27c05acd9ecf4c4fe
Unapplied parent: 4be5e70f6e326a0e62288cb4f8e34f67dbf5d18a

New changelog entries:
  * New Upstream release
  * Don't include all memory ccaches in ccache collection, avoids invalid
    mutex, Closes: #918088
  * The default path for the KDC database even without a config file is
    /var/lib/krb5kdc/principal, Closes: #777579

Author: Sam Hartman
Author Date: 2019-01-13 20:59:40 UTC

Import patches-unapplied version 1.17-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 06f03caaeba54d863e21c3a8b9e8b6fe00d5ceac

New changelog entries:
  * New Upstream release
  * Don't include all memory ccaches in ccache collection, avoids invalid
    mutex, Closes: #918088
  * The default path for the KDC database even without a config file is
    /var/lib/krb5kdc/principal, Closes: #777579

Author: Sam Hartman
Author Date: 2019-01-13 20:59:40 UTC

Import patches-unapplied version 1.17-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 06f03caaeba54d863e21c3a8b9e8b6fe00d5ceac

New changelog entries:
  * New Upstream release
  * Don't include all memory ccaches in ccache collection, avoids invalid
    mutex, Closes: #918088
  * The default path for the KDC database even without a config file is
    /var/lib/krb5kdc/principal, Closes: #777579

Author: Sam Hartman
Author Date: 2019-01-13 20:59:40 UTC

Import patches-applied version 1.17-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 5e4171f30f9536f7a4ac2dd27c05acd9ecf4c4fe
Unapplied parent: 4be5e70f6e326a0e62288cb4f8e34f67dbf5d18a

New changelog entries:
  * New Upstream release
  * Don't include all memory ccaches in ccache collection, avoids invalid
    mutex, Closes: #918088
  * The default path for the KDC database even without a config file is
    /var/lib/krb5kdc/principal, Closes: #777579

Author: Sam Hartman
Author Date: 2019-01-13 20:59:40 UTC

Import patches-applied version 1.17-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 5e4171f30f9536f7a4ac2dd27c05acd9ecf4c4fe
Unapplied parent: 4be5e70f6e326a0e62288cb4f8e34f67dbf5d18a

New changelog entries:
  * New Upstream release
  * Don't include all memory ccaches in ccache collection, avoids invalid
    mutex, Closes: #918088
  * The default path for the KDC database even without a config file is
    /var/lib/krb5kdc/principal, Closes: #777579

Author: Sam Hartman
Author Date: 2019-01-13 20:59:40 UTC

Import patches-unapplied version 1.17-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 06f03caaeba54d863e21c3a8b9e8b6fe00d5ceac

New changelog entries:
  * New Upstream release
  * Don't include all memory ccaches in ccache collection, avoids invalid
    mutex, Closes: #918088
  * The default path for the KDC database even without a config file is
    /var/lib/krb5kdc/principal, Closes: #777579

Author: Sam Hartman
Author Date: 2019-01-13 20:59:40 UTC

Import patches-unapplied version 1.17-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 06f03caaeba54d863e21c3a8b9e8b6fe00d5ceac

New changelog entries:
  * New Upstream release
  * Don't include all memory ccaches in ccache collection, avoids invalid
    mutex, Closes: #918088
  * The default path for the KDC database even without a config file is
    /var/lib/krb5kdc/principal, Closes: #777579

Author: Sam Hartman
Author Date: 2019-01-13 20:59:40 UTC

Import patches-applied version 1.17-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 5e4171f30f9536f7a4ac2dd27c05acd9ecf4c4fe
Unapplied parent: 4be5e70f6e326a0e62288cb4f8e34f67dbf5d18a

New changelog entries:
  * New Upstream release
  * Don't include all memory ccaches in ccache collection, avoids invalid
    mutex, Closes: #918088
  * The default path for the KDC database even without a config file is
    /var/lib/krb5kdc/principal, Closes: #777579

Author: Sam Hartman
Author Date: 2019-01-13 20:59:40 UTC

Import patches-unapplied version 1.17-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 06f03caaeba54d863e21c3a8b9e8b6fe00d5ceac

New changelog entries:
  * New Upstream release
  * Don't include all memory ccaches in ccache collection, avoids invalid
    mutex, Closes: #918088
  * The default path for the KDC database even without a config file is
    /var/lib/krb5kdc/principal, Closes: #777579

Author: Sam Hartman
Author Date: 2019-01-13 20:59:40 UTC

Import patches-unapplied version 1.17-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 06f03caaeba54d863e21c3a8b9e8b6fe00d5ceac

New changelog entries:
  * New Upstream release
  * Don't include all memory ccaches in ccache collection, avoids invalid
    mutex, Closes: #918088
  * The default path for the KDC database even without a config file is
    /var/lib/krb5kdc/principal, Closes: #777579

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-09 16:01:22 UTC

Import patches-unapplied version 1.12+dfsg-2ubuntu5.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 68da9fe2c775915deb3946585836ba1caab0fe9c

New changelog entries:
  * SECURITY UPDATE: DoS (out-of-bounds read) via a crafted string
    - debian/patches/CVE-2015-8629.patch: Verify decode kadmin C strings
    - CVE-2015-8629
  * SECURITY UPDATE: DoS (NULL pointer dereference) by specifying KADM5_POLICY
    with a NULL policy name
    - debian/patches/CVE-2015-8630.patch: Check for null kadm5 policy name
    - CVE-2015-8630
  * SECURITY UPDATE: DoS (memory consumption) via a request specifying a NULL
    principal name
    - debian/patches/CVE-2015-8631.patch: Fix leaks in kadmin server stubs
    - CVE-2015-8631
  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
    modify a principal
    - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
      empty arg
    - CVE-2016-3119
  * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
    - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
      is restricted
    - CVE-2016-3120
  * SECURITY UPDATE: KDC assertion failure
    - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
      assertion failures
    - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
    - CVE-2017-11368
  * SECURITY UPDATE: Double free vulnerability
    - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
      failure
    - CVE-2017-11462
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-09 16:01:22 UTC

Import patches-unapplied version 1.12+dfsg-2ubuntu5.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 68da9fe2c775915deb3946585836ba1caab0fe9c

New changelog entries:
  * SECURITY UPDATE: DoS (out-of-bounds read) via a crafted string
    - debian/patches/CVE-2015-8629.patch: Verify decode kadmin C strings
    - CVE-2015-8629
  * SECURITY UPDATE: DoS (NULL pointer dereference) by specifying KADM5_POLICY
    with a NULL policy name
    - debian/patches/CVE-2015-8630.patch: Check for null kadm5 policy name
    - CVE-2015-8630
  * SECURITY UPDATE: DoS (memory consumption) via a request specifying a NULL
    principal name
    - debian/patches/CVE-2015-8631.patch: Fix leaks in kadmin server stubs
    - CVE-2015-8631
  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
    modify a principal
    - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
      empty arg
    - CVE-2016-3119
  * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
    - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
      is restricted
    - CVE-2016-3120
  * SECURITY UPDATE: KDC assertion failure
    - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
      assertion failures
    - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
    - CVE-2017-11368
  * SECURITY UPDATE: Double free vulnerability
    - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
      failure
    - CVE-2017-11462
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-09 16:01:22 UTC

Import patches-applied version 1.12+dfsg-2ubuntu5.4 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 2d1ec9e348e6bc42973922596a61a6bf9668ee45
Unapplied parent: 2d0de0e679cccea15d2af50a4d17995e2ef2fee4

New changelog entries:
  * SECURITY UPDATE: DoS (out-of-bounds read) via a crafted string
    - debian/patches/CVE-2015-8629.patch: Verify decode kadmin C strings
    - CVE-2015-8629
  * SECURITY UPDATE: DoS (NULL pointer dereference) by specifying KADM5_POLICY
    with a NULL policy name
    - debian/patches/CVE-2015-8630.patch: Check for null kadm5 policy name
    - CVE-2015-8630
  * SECURITY UPDATE: DoS (memory consumption) via a request specifying a NULL
    principal name
    - debian/patches/CVE-2015-8631.patch: Fix leaks in kadmin server stubs
    - CVE-2015-8631
  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
    modify a principal
    - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
      empty arg
    - CVE-2016-3119
  * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
    - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
      is restricted
    - CVE-2016-3120
  * SECURITY UPDATE: KDC assertion failure
    - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
      assertion failures
    - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
    - CVE-2017-11368
  * SECURITY UPDATE: Double free vulnerability
    - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
      failure
    - CVE-2017-11462
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-09 16:01:22 UTC

Import patches-applied version 1.12+dfsg-2ubuntu5.4 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 2d1ec9e348e6bc42973922596a61a6bf9668ee45
Unapplied parent: 2d0de0e679cccea15d2af50a4d17995e2ef2fee4

New changelog entries:
  * SECURITY UPDATE: DoS (out-of-bounds read) via a crafted string
    - debian/patches/CVE-2015-8629.patch: Verify decode kadmin C strings
    - CVE-2015-8629
  * SECURITY UPDATE: DoS (NULL pointer dereference) by specifying KADM5_POLICY
    with a NULL policy name
    - debian/patches/CVE-2015-8630.patch: Check for null kadm5 policy name
    - CVE-2015-8630
  * SECURITY UPDATE: DoS (memory consumption) via a request specifying a NULL
    principal name
    - debian/patches/CVE-2015-8631.patch: Fix leaks in kadmin server stubs
    - CVE-2015-8631
  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
    modify a principal
    - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
      empty arg
    - CVE-2016-3119
  * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
    - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
      is restricted
    - CVE-2016-3120
  * SECURITY UPDATE: KDC assertion failure
    - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
      assertion failures
    - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
    - CVE-2017-11368
  * SECURITY UPDATE: Double free vulnerability
    - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
      failure
    - CVE-2017-11462
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-09 16:01:22 UTC

Import patches-unapplied version 1.12+dfsg-2ubuntu5.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 68da9fe2c775915deb3946585836ba1caab0fe9c

New changelog entries:
  * SECURITY UPDATE: DoS (out-of-bounds read) via a crafted string
    - debian/patches/CVE-2015-8629.patch: Verify decode kadmin C strings
    - CVE-2015-8629
  * SECURITY UPDATE: DoS (NULL pointer dereference) by specifying KADM5_POLICY
    with a NULL policy name
    - debian/patches/CVE-2015-8630.patch: Check for null kadm5 policy name
    - CVE-2015-8630
  * SECURITY UPDATE: DoS (memory consumption) via a request specifying a NULL
    principal name
    - debian/patches/CVE-2015-8631.patch: Fix leaks in kadmin server stubs
    - CVE-2015-8631
  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
    modify a principal
    - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
      empty arg
    - CVE-2016-3119
  * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
    - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
      is restricted
    - CVE-2016-3120
  * SECURITY UPDATE: KDC assertion failure
    - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
      assertion failures
    - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
    - CVE-2017-11368
  * SECURITY UPDATE: Double free vulnerability
    - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
      failure
    - CVE-2017-11462
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Eduardo dos Santos Barretto
Author Date: 2019-01-09 16:01:22 UTC

Import patches-applied version 1.12+dfsg-2ubuntu5.4 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 2d1ec9e348e6bc42973922596a61a6bf9668ee45
Unapplied parent: 2d0de0e679cccea15d2af50a4d17995e2ef2fee4

New changelog entries:
  * SECURITY UPDATE: DoS (out-of-bounds read) via a crafted string
    - debian/patches/CVE-2015-8629.patch: Verify decode kadmin C strings
    - CVE-2015-8629
  * SECURITY UPDATE: DoS (NULL pointer dereference) by specifying KADM5_POLICY
    with a NULL policy name
    - debian/patches/CVE-2015-8630.patch: Check for null kadm5 policy name
    - CVE-2015-8630
  * SECURITY UPDATE: DoS (memory consumption) via a request specifying a NULL
    principal name
    - debian/patches/CVE-2015-8631.patch: Fix leaks in kadmin server stubs
    - CVE-2015-8631
  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted request to
    modify a principal
    - debian/patches/CVE-2016-3119.patch: Fix LDAP null dereference on
      empty arg
    - CVE-2016-3119
  * SECURITY UPDATE: DoS (NULL pointer dereference) via an S4U2Self request
    - debian/patches/CVE-2016-3120.patch: Fix S4U2Self KDC crash when anon
      is restricted
    - CVE-2016-3120
  * SECURITY UPDATE: KDC assertion failure
    - debian/patches/CVE-2017-11368-1.patch: Prevent KDC unset status
      assertion failures
    - debian/patches/CVE-2017-11368-2.patch: Simplify KDC status assignment
    - CVE-2017-11368
  * SECURITY UPDATE: Double free vulnerability
    - debian/patches/CVE-2017-11462.patch: Preserve GSS context on init/accept
      failure
    - CVE-2017-11462
  * SECURITY UPDATE: Authenticated kadmin with permission to add principals
    to an LDAP Kerberos can DoS or bypass DN container check.
    - debian/patches/CVE-2018-5729-CVE-2018-5730.patch: Fix flaws in LDAP DN
      checking
    - CVE-2018-5729
    - CVE-2018-5730

Author: Andreas Hasenack
Author Date: 2018-07-06 18:39:44 UTC

Import patches-unapplied version 1.16-2ubuntu1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Upload parent: 171213f69220df0e4d55dd2f969747533bd62f01

Author: Andreas Hasenack
Author Date: 2018-07-06 18:39:44 UTC

Import patches-applied version 1.16-2ubuntu1 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 45e6b99014cee93f4d040d29658cfedeaa0a8348
Unapplied parent: ba69a03e2540d8f44673afd7d18bd40456db6c1a

New changelog entries:
  * Add DEP8 tests (LP: #1677881):
    - d/t/util: common functions used in the tests
    - d/t/control, d/t/kinit: simple kinit test
    - d/t/control, d/t/slapd-gssapi: DEP8 test for service principals

Author: Andreas Hasenack
Author Date: 2018-07-06 18:39:44 UTC

Import patches-applied version 1.16-2ubuntu1 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 45e6b99014cee93f4d040d29658cfedeaa0a8348
Unapplied parent: ba69a03e2540d8f44673afd7d18bd40456db6c1a

New changelog entries:
  * Add DEP8 tests (LP: #1677881):
    - d/t/util: common functions used in the tests
    - d/t/control, d/t/kinit: simple kinit test
    - d/t/control, d/t/slapd-gssapi: DEP8 test for service principals

Author: Andreas Hasenack
Author Date: 2018-07-06 18:39:44 UTC

Import patches-unapplied version 1.16-2ubuntu1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Upload parent: 171213f69220df0e4d55dd2f969747533bd62f01

Author: Ubuntu Git Importer
Author Date: 2018-03-09 10:48:46 UTC

pristine-tar data for krb5_1.16.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-09 08:25:40 UTC

pristine-tar data for krb5_1.16.orig.tar.gz

Author: Dimitri John Ledkov
Author Date: 2018-02-05 16:50:17 UTC

Import patches-applied version 1.16-2build1 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: c48b4e05cb6b7e1ed60936f9dd88dbd3467a4ceb
Unapplied parent: 6eb36a654c71eab29fc05d72b61888786b8a125b

New changelog entries:
  * No change rebuild against openssl1.1.

Author: Dimitri John Ledkov
Author Date: 2018-02-05 16:50:17 UTC

Import patches-applied version 1.16-2build1 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: c48b4e05cb6b7e1ed60936f9dd88dbd3467a4ceb
Unapplied parent: 6eb36a654c71eab29fc05d72b61888786b8a125b

New changelog entries:
  * No change rebuild against openssl1.1.

Author: Dimitri John Ledkov
Author Date: 2018-02-05 16:50:17 UTC

Import patches-unapplied version 1.16-2build1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 33c956050b3d5dbcb1d400107d0ed093f133b55a

New changelog entries:
  * No change rebuild against openssl1.1.

Author: Dimitri John Ledkov
Author Date: 2018-02-05 16:50:17 UTC

Import patches-unapplied version 1.16-2build1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 33c956050b3d5dbcb1d400107d0ed093f133b55a

New changelog entries:
  * No change rebuild against openssl1.1.

Author: Sam Hartman
Author Date: 2017-08-28 15:55:49 UTC

Import patches-applied version 1.12.1+dfsg-19+deb8u4 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: a6d31c65acbf59f839acc1dfcbed3bdaea37aa60
Unapplied parent: 190a50590756f4d2ff87dbd3c33fd2fa9ceab553

New changelog entries:
  * New version number; same code as deb8u3 but rebuilt to build arch all
    packages and because dgit doesn't deal well with reusing a version
    number when a package is rejected
  * CVE-2017-11368: Remote authenticated attackers can crash the KDC,
    Closes: #869260
  * fix for CVE-2016-3120 (kdc crash on restrict_anon_to_tgt), Closes:
    #832572
  * fix for CVE-2016-3119: remote DOS with ldap for authenticated
    attackers, Closes: #819468
  * Prevent requires_preauth bypass (CVE-2015-2694), Closes: #783557

Author: Sam Hartman
Author Date: 2017-08-28 15:55:49 UTC

Import patches-unapplied version 1.12.1+dfsg-19+deb8u4 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: bcb004543217fbcfbf3cc588e367ca3c927b9c39

New changelog entries:
  * New version number; same code as deb8u3 but rebuilt to build arch all
    packages and because dgit doesn't deal well with reusing a version
    number when a package is rejected
  * CVE-2017-11368: Remote authenticated attackers can crash the KDC,
    Closes: #869260
  * fix for CVE-2016-3120 (kdc crash on restrict_anon_to_tgt), Closes:
    #832572
  * fix for CVE-2016-3119: remote DOS with ldap for authenticated
    attackers, Closes: #819468
  * Prevent requires_preauth bypass (CVE-2015-2694), Closes: #783557

Author: Sam Hartman
Author Date: 2017-08-09 16:19:50 UTC

Import patches-unapplied version 1.15-1+deb9u1 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: c1c9a02ffa08f00a8d7d4ed5b3ab0f597f5a9f0e

New changelog entries:
  * CVE-2017-11368: Remote authenticated attackers can crash the KDC,
    Closes: #869260
  * Upstream patches to fix startup if getaddrinfo() returns a wildcard v6
    address, and to fix handling of explicitly specified v4 wildcard
    address; regression over previous versions, Closes: #860767
  * Fix SRV lookups to respect udp_preference_limit, regression over
    previous versions with OTP, Closes: #856307

Author: Sam Hartman
Author Date: 2017-08-09 16:19:50 UTC

Import patches-applied version 1.15-1+deb9u1 to applied/debian/stretch

Imported using git-ubuntu import.

Changelog parent: 48215746fcfa8194bbf92cd353f0d0f1c8cbf4d7
Unapplied parent: aa8c5bad003bc85780c4ebfcf30933e667d7cc69

New changelog entries:
  * CVE-2017-11368: Remote authenticated attackers can crash the KDC,
    Closes: #869260
  * Upstream patches to fix startup if getaddrinfo() returns a wildcard v6
    address, and to fix handling of explicitly specified v4 wildcard
    address; regression over previous versions, Closes: #860767
  * Fix SRV lookups to respect udp_preference_limit, regression over
    previous versions with OTP, Closes: #856307

Author: Sam Hartman
Author Date: 2017-07-23 18:16:38 UTC

Import patches-unapplied version 1.15.1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 12c20eb0781a66387370b767aa81188d2a6c9d32

New changelog entries:
  * Depend on libsasl2-dev for LDAP SASL authentication, Thanks Hideki
    Yamane, Closes: #868035
  * Remove /etc/gss/mech.d/README on libgssapi-krb5-2 purge, Closes: #868121
  * CVE-2017-11368: Remote authenticated attackers can crash the KDC,
    Closes: #869260
  * Set Restart=on-abnormal in krb5-kdc.service and krb5-admind.service to
    minimize the impact of future DOS bugs.

Author: Sam Hartman
Author Date: 2017-07-23 18:16:38 UTC

Import patches-unapplied version 1.15.1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 12c20eb0781a66387370b767aa81188d2a6c9d32

New changelog entries:
  * Depend on libsasl2-dev for LDAP SASL authentication, Thanks Hideki
    Yamane, Closes: #868035
  * Remove /etc/gss/mech.d/README on libgssapi-krb5-2 purge, Closes: #868121
  * CVE-2017-11368: Remote authenticated attackers can crash the KDC,
    Closes: #869260
  * Set Restart=on-abnormal in krb5-kdc.service and krb5-admind.service to
    minimize the impact of future DOS bugs.

Author: Sam Hartman
Author Date: 2017-07-23 18:16:38 UTC

Import patches-applied version 1.15.1-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: da3e933604d5ac7687b9e591c3e23aa4d839cc35
Unapplied parent: b29809b75b27d593127122dba55b2dcd221656be

New changelog entries:
  * Depend on libsasl2-dev for LDAP SASL authentication, Thanks Hideki
    Yamane, Closes: #868035
  * Remove /etc/gss/mech.d/README on libgssapi-krb5-2 purge, Closes: #868121
  * CVE-2017-11368: Remote authenticated attackers can crash the KDC,
    Closes: #869260
  * Set Restart=on-abnormal in krb5-kdc.service and krb5-admind.service to
    minimize the impact of future DOS bugs.

Author: Sam Hartman
Author Date: 2017-07-23 18:16:38 UTC

Import patches-applied version 1.15.1-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: da3e933604d5ac7687b9e591c3e23aa4d839cc35
Unapplied parent: b29809b75b27d593127122dba55b2dcd221656be

New changelog entries:
  * Depend on libsasl2-dev for LDAP SASL authentication, Thanks Hideki
    Yamane, Closes: #868035
  * Remove /etc/gss/mech.d/README on libgssapi-krb5-2 purge, Closes: #868121
  * CVE-2017-11368: Remote authenticated attackers can crash the KDC,
    Closes: #869260
  * Set Restart=on-abnormal in krb5-kdc.service and krb5-admind.service to
    minimize the impact of future DOS bugs.

Author: Sam Hartman
Author Date: 2017-07-23 18:16:38 UTC

Import patches-applied version 1.15.1-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: da3e933604d5ac7687b9e591c3e23aa4d839cc35
Unapplied parent: b29809b75b27d593127122dba55b2dcd221656be

New changelog entries:
  * Depend on libsasl2-dev for LDAP SASL authentication, Thanks Hideki
    Yamane, Closes: #868035
  * Remove /etc/gss/mech.d/README on libgssapi-krb5-2 purge, Closes: #868121
  * CVE-2017-11368: Remote authenticated attackers can crash the KDC,
    Closes: #869260
  * Set Restart=on-abnormal in krb5-kdc.service and krb5-admind.service to
    minimize the impact of future DOS bugs.

Author: Sam Hartman
Author Date: 2017-07-23 18:16:38 UTC

Import patches-unapplied version 1.15.1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 12c20eb0781a66387370b767aa81188d2a6c9d32

New changelog entries:
  * Depend on libsasl2-dev for LDAP SASL authentication, Thanks Hideki
    Yamane, Closes: #868035
  * Remove /etc/gss/mech.d/README on libgssapi-krb5-2 purge, Closes: #868121
  * CVE-2017-11368: Remote authenticated attackers can crash the KDC,
    Closes: #869260
  * Set Restart=on-abnormal in krb5-kdc.service and krb5-admind.service to
    minimize the impact of future DOS bugs.

Author: Andreas Hasenack
Author Date: 2017-05-05 14:05:38 UTC

Import patches-applied version 1.15-1ubuntu0.1 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 48215746fcfa8194bbf92cd353f0d0f1c8cbf4d7
Unapplied parent: 66183de2c818147becc6a4c924680ec3949336ee

New changelog entries:
  * Pulled in Debian fixes from Sam Hartman for:
    - kinit fails for OTP user when using kdc discovery via DNS
      (LP: #1683237)
    - KDC/kadmind explicit wildcard listener addresses do not use pktinfo
      (LP: #1688121)
    - KDC/kadmind may fail to start on IPv4-only systems (LP: #1688310)

Author: Andreas Hasenack
Author Date: 2017-05-05 14:05:38 UTC

Import patches-applied version 1.15-1ubuntu0.1 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 48215746fcfa8194bbf92cd353f0d0f1c8cbf4d7
Unapplied parent: 66183de2c818147becc6a4c924680ec3949336ee

New changelog entries:
  * Pulled in Debian fixes from Sam Hartman for:
    - kinit fails for OTP user when using kdc discovery via DNS
      (LP: #1683237)
    - KDC/kadmind explicit wildcard listener addresses do not use pktinfo
      (LP: #1688121)
    - KDC/kadmind may fail to start on IPv4-only systems (LP: #1688310)

Author: Andreas Hasenack
Author Date: 2017-05-05 14:05:38 UTC

Import patches-applied version 1.15-1ubuntu0.1 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 48215746fcfa8194bbf92cd353f0d0f1c8cbf4d7
Unapplied parent: 66183de2c818147becc6a4c924680ec3949336ee

New changelog entries:
  * Pulled in Debian fixes from Sam Hartman for:
    - kinit fails for OTP user when using kdc discovery via DNS
      (LP: #1683237)
    - KDC/kadmind explicit wildcard listener addresses do not use pktinfo
      (LP: #1688121)
    - KDC/kadmind may fail to start on IPv4-only systems (LP: #1688310)

Author: Andreas Hasenack
Author Date: 2017-05-05 14:05:38 UTC

Import patches-unapplied version 1.15-1ubuntu0.1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: c1c9a02ffa08f00a8d7d4ed5b3ab0f597f5a9f0e
Upload parent: 26d08c4e6727ce4496f932c6307bde8a006cebdd

New changelog entries:
  * Pulled in Debian fixes from Sam Hartman for:
    - kinit fails for OTP user when using kdc discovery via DNS
      (LP: #1683237)
    - KDC/kadmind explicit wildcard listener addresses do not use pktinfo
      (LP: #1688121)
    - KDC/kadmind may fail to start on IPv4-only systems (LP: #1688310)

Author: Andreas Hasenack
Author Date: 2017-05-05 14:05:38 UTC

Import patches-unapplied version 1.15-1ubuntu0.1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: c1c9a02ffa08f00a8d7d4ed5b3ab0f597f5a9f0e
Upload parent: 26d08c4e6727ce4496f932c6307bde8a006cebdd

New changelog entries:
  * Pulled in Debian fixes from Sam Hartman for:
    - kinit fails for OTP user when using kdc discovery via DNS
      (LP: #1683237)
    - KDC/kadmind explicit wildcard listener addresses do not use pktinfo
      (LP: #1688121)
    - KDC/kadmind may fail to start on IPv4-only systems (LP: #1688310)

Author: Andreas Hasenack
Author Date: 2017-05-05 14:05:38 UTC

Import patches-unapplied version 1.15-1ubuntu0.1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: c1c9a02ffa08f00a8d7d4ed5b3ab0f597f5a9f0e
Upload parent: 26d08c4e6727ce4496f932c6307bde8a006cebdd

New changelog entries:
  * Pulled in Debian fixes from Sam Hartman for:
    - kinit fails for OTP user when using kdc discovery via DNS
      (LP: #1683237)
    - KDC/kadmind explicit wildcard listener addresses do not use pktinfo
      (LP: #1688121)
    - KDC/kadmind may fail to start on IPv4-only systems (LP: #1688310)

Author: Sam Hartman
Author Date: 2017-04-19 20:50:01 UTC

Import patches-unapplied version 1.15-2 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: c1c9a02ffa08f00a8d7d4ed5b3ab0f597f5a9f0e

New changelog entries:
  * Upstream patches to fix startup if getaddrinfo() returns a wildcard v6
    address, and to fix handling of explicitly specified v4 wildcard
    address; regression over previous versions, Closes: #860767
  * Fix SRV lookups to respect udp_preference_limit, regression over
    previous versions with OTP, Closes: #856307

Author: Sam Hartman
Author Date: 2017-04-19 20:50:01 UTC

Import patches-applied version 1.15-2 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 48215746fcfa8194bbf92cd353f0d0f1c8cbf4d7
Unapplied parent: 8a45b3994fa67264cfefa88b020a0ff33035509c

New changelog entries:
  * Upstream patches to fix startup if getaddrinfo() returns a wildcard v6
    address, and to fix handling of explicitly specified v4 wildcard
    address; regression over previous versions, Closes: #860767
  * Fix SRV lookups to respect udp_preference_limit, regression over
    previous versions with OTP, Closes: #856307

Author: Eric Desrochers
Author Date: 2017-01-16 14:06:57 UTC

Import patches-applied version 1.13.2+dfsg-5ubuntu2 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 9c10974e4fae34422d4a068abfc4cbe4b23bb30a
Unapplied parent: 0144b4d4c561014c9f6d286b5a8a20daf7385e9e

New changelog entries:
  * Fix segfault in context_handle (LP: #1648901).
    - d/p/check_internal_context_on_init_context_errors.patch:
    Cherry picked patch from upstream VCS.

Author: Eric Desrochers
Author Date: 2017-01-16 14:06:57 UTC

Import patches-unapplied version 1.13.2+dfsg-5ubuntu2 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: e3fcbf1fe7c8fb23ac625d24f3015ee328a37b7c

New changelog entries:
  * Fix segfault in context_handle (LP: #1648901).
    - d/p/check_internal_context_on_init_context_errors.patch:
    Cherry picked patch from upstream VCS.

Author: Steve Langasek
Author Date: 2016-11-22 01:01:33 UTC

Import patches-applied version 1.14.3+dfsg-2ubuntu1 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 12c26c1d6273aa057a9049dc00e065bd382d4be7
Unapplied parent: 00fdd201bb6db93ac91fe48542b7df923abd5a4a

New changelog entries:
  * d/p/upstream/0001-Add-SPNEGO-special-case-for-NTLMSSP-MechListMIC.patch:
    Cherry-pick from upstream to add SPNEGO special case for
    NTLMSSP+MechListMIC. LP: #1643708.

Author: Steve Langasek
Author Date: 2016-11-22 01:01:33 UTC

Import patches-applied version 1.14.3+dfsg-2ubuntu1 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 12c26c1d6273aa057a9049dc00e065bd382d4be7
Unapplied parent: 00fdd201bb6db93ac91fe48542b7df923abd5a4a

New changelog entries:
  * d/p/upstream/0001-Add-SPNEGO-special-case-for-NTLMSSP-MechListMIC.patch:
    Cherry-pick from upstream to add SPNEGO special case for
    NTLMSSP+MechListMIC. LP: #1643708.

Author: Steve Langasek
Author Date: 2016-11-22 01:01:33 UTC

Import patches-unapplied version 1.14.3+dfsg-2ubuntu1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 4a9110524056af47163831a7ed63b6af1e11c51f

New changelog entries:
  * d/p/upstream/0001-Add-SPNEGO-special-case-for-NTLMSSP-MechListMIC.patch:
    Cherry-pick from upstream to add SPNEGO special case for
    NTLMSSP+MechListMIC. LP: #1643708.

Author: Steve Langasek
Author Date: 2016-11-22 02:14:47 UTC

Import patches-unapplied version 1.12+dfsg-2ubuntu5.3 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 26e46c4b2a21165bf2aed00963799d83d381232b

New changelog entries:
  * d/p/upstream/0001-Add-SPNEGO-special-case-for-NTLMSSP-MechListMIC.patch:
    Cherry-pick from upstream to add SPNEGO special case for
    NTLMSSP+MechListMIC. LP: #1643708.

Author: Steve Langasek
Author Date: 2016-11-22 02:14:47 UTC

Import patches-applied version 1.12+dfsg-2ubuntu5.3 to applied/ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: cdf0f3e24254abfa0e3c7ba1c35ec2dc21ef3694
Unapplied parent: 2a3e44cb042a21445bf15c76d45fd4dbc86cd73e

New changelog entries:
  * d/p/upstream/0001-Add-SPNEGO-special-case-for-NTLMSSP-MechListMIC.patch:
    Cherry-pick from upstream to add SPNEGO special case for
    NTLMSSP+MechListMIC. LP: #1643708.

Author: Steve Langasek
Author Date: 2016-11-22 01:01:33 UTC

Import patches-unapplied version 1.14.3+dfsg-2ubuntu1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 4a9110524056af47163831a7ed63b6af1e11c51f

New changelog entries:
  * d/p/upstream/0001-Add-SPNEGO-special-case-for-NTLMSSP-MechListMIC.patch:
    Cherry-pick from upstream to add SPNEGO special case for
    NTLMSSP+MechListMIC. LP: #1643708.

Author: Steve Langasek
Author Date: 2016-11-22 01:01:33 UTC

Import patches-unapplied version 1.14.3+dfsg-2ubuntu1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 4a9110524056af47163831a7ed63b6af1e11c51f

New changelog entries:
  * d/p/upstream/0001-Add-SPNEGO-special-case-for-NTLMSSP-MechListMIC.patch:
    Cherry-pick from upstream to add SPNEGO special case for
    NTLMSSP+MechListMIC. LP: #1643708.

Author: Steve Langasek
Author Date: 2016-11-22 01:01:33 UTC

Import patches-applied version 1.14.3+dfsg-2ubuntu1 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 12c26c1d6273aa057a9049dc00e065bd382d4be7
Unapplied parent: 00fdd201bb6db93ac91fe48542b7df923abd5a4a

New changelog entries:
  * d/p/upstream/0001-Add-SPNEGO-special-case-for-NTLMSSP-MechListMIC.patch:
    Cherry-pick from upstream to add SPNEGO special case for
    NTLMSSP+MechListMIC. LP: #1643708.

Author: Benjamin Kaduk
Author Date: 2016-12-04 20:37:57 UTC

Import patches-applied version 1.15-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 7511c7895c97e797aa2c73e6f05da3a5dc10b54a
Unapplied parent: d30f62db0043d1e1aea01c8ee319369483e5274a

New changelog entries:
  [ Benjamin Kaduk ]
  * New upstream version
    - Make zap() more reliable and use it more consistently; the
      previous version could be optimized out by gcc 5.1 or later
    - Update license statement in ccapi/common/win/OldCC/autolock.hxx,
      Closes: #846088
  * Update Debian-HURD-compatibility.patch, Closes: #845381
  * Bump debhelper compat level to 9
  [ Sam Hartman ]
  * Actually build and ship German translations, Closes: #842497

Author: Benjamin Kaduk
Author Date: 2016-12-04 20:37:57 UTC

Import patches-unapplied version 1.15-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4ae290546d68f7651108d53c981a4491f373742c

New changelog entries:
  [ Benjamin Kaduk ]
  * New upstream version
    - Make zap() more reliable and use it more consistently; the
      previous version could be optimized out by gcc 5.1 or later
    - Update license statement in ccapi/common/win/OldCC/autolock.hxx,
      Closes: #846088
  * Update Debian-HURD-compatibility.patch, Closes: #845381
  * Bump debhelper compat level to 9
  [ Sam Hartman ]
  * Actually build and ship German translations, Closes: #842497

Author: Sam Hartman
Author Date: 2016-09-06 01:03:14 UTC

Import patches-unapplied version 1.14.3+dfsg-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 887980abe92e63b9ad0060f86f44d0b46f426d42

New changelog entries:
  * Fix gcc -O3, thanks Ben Kaduk/Steve Langasek, Closes: #833798
  * Fix kdb5_util create on 32-bit platforms, thanks Greg Hudson, Closes:
    #834035

Author: Sam Hartman
Author Date: 2016-09-06 01:03:14 UTC

Import patches-applied version 1.14.3+dfsg-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 3227d4e80e568badc19c3f750dc7d47e0fa065f1
Unapplied parent: 1be2e48564ca7996debb1c490f1616f189598d16

New changelog entries:
  * Fix gcc -O3, thanks Ben Kaduk/Steve Langasek, Closes: #833798
  * Fix kdb5_util create on 32-bit platforms, thanks Greg Hudson, Closes:
    #834035

Author: Salvatore Bonaccorso
Author Date: 2016-01-31 12:39:43 UTC

Import patches-unapplied version 1.10.1+dfsg-5+deb7u7 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: 3b556c08fa8a4fb18d3dcc1223813eda375dbefa

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Verify decoded kadmin C strings [CVE-2015-8629]
    CVE-2015-8629: An authenticated attacker can cause kadmind to read
    beyond the end of allocated memory by sending a string without a
    terminating zero byte. Information leakage may be possible for an
    attacker with permission to modify the database. (Closes: #813296)
  * Fix leaks in kadmin server stubs [CVE-2015-8631]
    CVE-2015-8631: An authenticated attacker can cause kadmind to leak
    memory by supplying a null principal name in a request which uses one.
    Repeating these requests will eventually cause kadmind to exhaust all
    available memory. (Closes: #813126)
  * Non-maintainer upload by the Security Team.
  * Update 0036-Fix-build_principal-memory-bug-CVE-2015-2697.patch.
    Add check on rlen before doing memcpy.
  * Non-maintainer upload by the Security Team.
  * Add missing 0036-Fix-build_principal-memory-bug-CVE-2015-2697.patch.
    CVE-2015-2697: unsafe string handling in TGS processing.
    The previous wheezy-security upload mentioned the fix, but did not
    include the patch in the upload.
    Thanks to Marc Deslauriers (Closes: #803088)
  * Import upstream patches for four CVEs:
    - CVE-2015-2695: SPNEGO context aliasing during establishment,
      Closes: #803083
    - CVE-2015-2696: IAKERB context aliasing during establishment,
      Closes: #803084
    - CVE-2015-2697: unsafe string handling in TGS processing,
      Closes: #803088
    - CVE-2015-2698: regression (memory corruption) in patch for CVE-2015-2696
  * In addition to CVE-2015-2698, the upstream patches for CVE-2015-2695
    and CVE-2015-2696 introduced regressions preventing the use of
    gss_import_sec_context() with contexts established using IAKERB
    or SPNEGO; the fixes for those regressions are included here.

Author: Salvatore Bonaccorso
Author Date: 2016-01-31 12:39:43 UTC

Import patches-applied version 1.10.1+dfsg-5+deb7u7 to applied/debian/wheezy

Imported using git-ubuntu import.

Changelog parent: 6c384c7a0d01b06b5af9744c098d27e7465b04ab
Unapplied parent: ebc6dcf11f71a8a74785c456b7cb15ee4e6063b0

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Verify decoded kadmin C strings [CVE-2015-8629]
    CVE-2015-8629: An authenticated attacker can cause kadmind to read
    beyond the end of allocated memory by sending a string without a
    terminating zero byte. Information leakage may be possible for an
    attacker with permission to modify the database. (Closes: #813296)
  * Fix leaks in kadmin server stubs [CVE-2015-8631]
    CVE-2015-8631: An authenticated attacker can cause kadmind to leak
    memory by supplying a null principal name in a request which uses one.
    Repeating these requests will eventually cause kadmind to exhaust all
    available memory. (Closes: #813126)
  * Non-maintainer upload by the Security Team.
  * Update 0036-Fix-build_principal-memory-bug-CVE-2015-2697.patch.
    Add check on rlen before doing memcpy.
  * Non-maintainer upload by the Security Team.
  * Add missing 0036-Fix-build_principal-memory-bug-CVE-2015-2697.patch.
    CVE-2015-2697: unsafe string handling in TGS processing.
    The previous wheezy-security upload mentioned the fix, but did not
    include the patch in the upload.
    Thanks to Marc Deslauriers (Closes: #803088)
  * Import upstream patches for four CVEs:
    - CVE-2015-2695: SPNEGO context aliasing during establishment,
      Closes: #803083
    - CVE-2015-2696: IAKERB context aliasing during establishment,
      Closes: #803084
    - CVE-2015-2697: unsafe string handling in TGS processing,
      Closes: #803088
    - CVE-2015-2698: regression (memory corruption) in patch for CVE-2015-2696
  * In addition to CVE-2015-2698, the upstream patches for CVE-2015-2695
    and CVE-2015-2696 introduced regressions preventing the use of
    gss_import_sec_context() with contexts established using IAKERB
    or SPNEGO; the fixes for those regressions are included here.

Author: Sam Hartman
Author Date: 2016-02-23 13:54:09 UTC

Import patches-unapplied version 1.13.2+dfsg-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8db3f11cb94b574b6b154cdeb1124b241b115a14

New changelog entries:
  * Security Update
  * Verify decoded kadmin C strings [CVE-2015-8629]
    CVE-2015-8629: An authenticated attacker can cause kadmind to read
    beyond the end of allocated memory by sending a string without a
    terminating zero byte. Information leakage may be possible for an
    attacker with permission to modify the database. (Closes: #813296)
  * Check for null kadm5 policy name [CVE-2015-8630]
    CVE-2015-8630: An authenticated attacker with permission to modify a
    principal entry can cause kadmind to dereference a null pointer by
    supplying a null policy value but including KADM5_POLICY in the mask.
    (Closes: #813127)
  * Fix leaks in kadmin server stubs [CVE-2015-8631]
    CVE-2015-8631: An authenticated attacker can cause kadmind to leak
    memory by supplying a null principal name in a request which uses one.
    Repeating these requests will eventually cause kadmind to exhaust all
    available memory. (Closes: #813126)

Author: Sam Hartman
Author Date: 2016-02-23 13:54:09 UTC

Import patches-applied version 1.13.2+dfsg-5 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: b55454d38d6974bebac7352a2778c3e830399e43
Unapplied parent: 560a8c39a9b0208d2029714aacb4a1593df6bd19

New changelog entries:
  * Security Update
  * Verify decoded kadmin C strings [CVE-2015-8629]
    CVE-2015-8629: An authenticated attacker can cause kadmind to read
    beyond the end of allocated memory by sending a string without a
    terminating zero byte. Information leakage may be possible for an
    attacker with permission to modify the database. (Closes: #813296)
  * Check for null kadm5 policy name [CVE-2015-8630]
    CVE-2015-8630: An authenticated attacker with permission to modify a
    principal entry can cause kadmind to dereference a null pointer by
    supplying a null policy value but including KADM5_POLICY in the mask.
    (Closes: #813127)
  * Fix leaks in kadmin server stubs [CVE-2015-8631]
    CVE-2015-8631: An authenticated attacker can cause kadmind to leak
    memory by supplying a null principal name in a request which uses one.
    Repeating these requests will eventually cause kadmind to exhaust all
    available memory. (Closes: #813126)

Author: Marc Deslauriers
Author Date: 2015-11-11 13:36:55 UTC

Import patches-unapplied version 1.13.2+dfsg-2ubuntu0.1 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: a0b32df26c9252d5b90df456012eaa46c972504d

New changelog entries:
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/u/0011-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/u/0016-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/u/0012-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/u/0014-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/u/0013-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/u/0015-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

Author: Marc Deslauriers
Author Date: 2015-11-11 13:36:55 UTC

Import patches-unapplied version 1.13.2+dfsg-2ubuntu0.1 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: a0b32df26c9252d5b90df456012eaa46c972504d

New changelog entries:
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/u/0011-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/u/0016-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/u/0012-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/u/0014-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/u/0013-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/u/0015-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

Author: Marc Deslauriers
Author Date: 2015-11-11 13:36:55 UTC

Import patches-unapplied version 1.13.2+dfsg-2ubuntu0.1 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: a0b32df26c9252d5b90df456012eaa46c972504d

New changelog entries:
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/u/0011-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/u/0016-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/u/0012-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/u/0014-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/u/0013-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/u/0015-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

Author: Marc Deslauriers
Author Date: 2015-11-11 14:16:52 UTC

Import patches-unapplied version 1.10+dfsg~beta1-2ubuntu0.7 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 170cc2ebc5096b87e2ad6d5fbf5afac87b1bf3aa

New changelog entries:
  * SECURITY UPDATE: denial of service via udp ping-pong
    - debian/patches/CVE-2002-2443.patch: don't respond to improper packets
      in src/kadmin/server/schpw.c.
    - CVE-2002-2443
  * SECURITY UPDATE: denial of service via incorrect null bytes
    - d/p/0030-Fix-krb5_read_message-handling-CVE-2014-5355.patch:
      properly handle null bytes in src/appl/user_user/server.c,
      src/lib/krb5/krb/recvauth.c.
    - CVE-2015-5355
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/0031-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/0035-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/0032-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/0033-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/0033-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/0034-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

Author: Marc Deslauriers
Author Date: 2015-11-11 13:52:46 UTC

Import patches-unapplied version 1.12.1+dfsg-18ubuntu0.1 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 927b1b9718ac91b4ea0ae8f01a578a4e9b9213e7

New changelog entries:
  * SECURITY UPDATE: preauthentication requirement bypass in kdcpreauth
    - d/p/u/0031-Prevent-requires_preauth-bypass-CVE-2015-2694.patch:
      improve logic in src/plugins/preauth/otp/main.c,
      src/plugins/preauth/pkinit/pkinit_srv.c.
    - CVE-2015-2694
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/u/0031-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/u/0036-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/u/0032-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/u/0034-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/u/0033-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/u/0035-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

Author: Marc Deslauriers
Author Date: 2015-11-11 13:36:55 UTC

Import patches-applied version 1.13.2+dfsg-2ubuntu0.1 to applied/ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 974d039062b0be810529232db820d20b7e91aa2f
Unapplied parent: e8cf16d5944b52ea49665a5961fc3b119cfa3b41

New changelog entries:
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/u/0011-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/u/0016-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/u/0012-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/u/0014-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/u/0013-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/u/0015-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

Author: Marc Deslauriers
Author Date: 2015-11-11 14:16:52 UTC

Import patches-unapplied version 1.10+dfsg~beta1-2ubuntu0.7 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 170cc2ebc5096b87e2ad6d5fbf5afac87b1bf3aa

New changelog entries:
  * SECURITY UPDATE: denial of service via udp ping-pong
    - debian/patches/CVE-2002-2443.patch: don't respond to improper packets
      in src/kadmin/server/schpw.c.
    - CVE-2002-2443
  * SECURITY UPDATE: denial of service via incorrect null bytes
    - d/p/0030-Fix-krb5_read_message-handling-CVE-2014-5355.patch:
      properly handle null bytes in src/appl/user_user/server.c,
      src/lib/krb5/krb/recvauth.c.
    - CVE-2015-5355
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/0031-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/0035-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/0032-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/0033-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/0033-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/0034-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

Author: Marc Deslauriers
Author Date: 2015-11-11 13:52:46 UTC

Import patches-unapplied version 1.12.1+dfsg-18ubuntu0.1 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 927b1b9718ac91b4ea0ae8f01a578a4e9b9213e7

New changelog entries:
  * SECURITY UPDATE: preauthentication requirement bypass in kdcpreauth
    - d/p/u/0031-Prevent-requires_preauth-bypass-CVE-2015-2694.patch:
      improve logic in src/plugins/preauth/otp/main.c,
      src/plugins/preauth/pkinit/pkinit_srv.c.
    - CVE-2015-2694
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/u/0031-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/u/0036-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/u/0032-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/u/0034-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/u/0033-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/u/0035-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

Author: Marc Deslauriers
Author Date: 2015-11-11 14:16:52 UTC

Import patches-applied version 1.10+dfsg~beta1-2ubuntu0.7 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: cf66088038288fb764e77f111d12012acce9f096
Unapplied parent: d5e181919d20a43e047bf6fd3fab25b608f0f76d

New changelog entries:
  * SECURITY UPDATE: denial of service via udp ping-pong
    - debian/patches/CVE-2002-2443.patch: don't respond to improper packets
      in src/kadmin/server/schpw.c.
    - CVE-2002-2443
  * SECURITY UPDATE: denial of service via incorrect null bytes
    - d/p/0030-Fix-krb5_read_message-handling-CVE-2014-5355.patch:
      properly handle null bytes in src/appl/user_user/server.c,
      src/lib/krb5/krb/recvauth.c.
    - CVE-2015-5355
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/0031-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/0035-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/0032-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/0033-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/0033-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/0034-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

Author: Marc Deslauriers
Author Date: 2015-11-11 14:16:52 UTC

Import patches-unapplied version 1.10+dfsg~beta1-2ubuntu0.7 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 170cc2ebc5096b87e2ad6d5fbf5afac87b1bf3aa

New changelog entries:
  * SECURITY UPDATE: denial of service via udp ping-pong
    - debian/patches/CVE-2002-2443.patch: don't respond to improper packets
      in src/kadmin/server/schpw.c.
    - CVE-2002-2443
  * SECURITY UPDATE: denial of service via incorrect null bytes
    - d/p/0030-Fix-krb5_read_message-handling-CVE-2014-5355.patch:
      properly handle null bytes in src/appl/user_user/server.c,
      src/lib/krb5/krb/recvauth.c.
    - CVE-2015-5355
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/0031-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/0035-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/0032-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/0033-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/0033-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/0034-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

Author: Marc Deslauriers
Author Date: 2015-11-11 14:16:52 UTC

Import patches-applied version 1.10+dfsg~beta1-2ubuntu0.7 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: cf66088038288fb764e77f111d12012acce9f096
Unapplied parent: d5e181919d20a43e047bf6fd3fab25b608f0f76d

New changelog entries:
  * SECURITY UPDATE: denial of service via udp ping-pong
    - debian/patches/CVE-2002-2443.patch: don't respond to improper packets
      in src/kadmin/server/schpw.c.
    - CVE-2002-2443
  * SECURITY UPDATE: denial of service via incorrect null bytes
    - d/p/0030-Fix-krb5_read_message-handling-CVE-2014-5355.patch:
      properly handle null bytes in src/appl/user_user/server.c,
      src/lib/krb5/krb/recvauth.c.
    - CVE-2015-5355
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/0031-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/0035-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/0032-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/0033-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/0033-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/0034-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

Author: Marc Deslauriers
Author Date: 2015-11-11 13:52:46 UTC

Import patches-applied version 1.12.1+dfsg-18ubuntu0.1 to applied/ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: d31b2f316840d7a10f24d6cfa108037a3b7b0c0f
Unapplied parent: adc2ca7e5a8fb672b48c6b3a8bfa87be7d749bf9

New changelog entries:
  * SECURITY UPDATE: preauthentication requirement bypass in kdcpreauth
    - d/p/u/0031-Prevent-requires_preauth-bypass-CVE-2015-2694.patch:
      improve logic in src/plugins/preauth/otp/main.c,
      src/plugins/preauth/pkinit/pkinit_srv.c.
    - CVE-2015-2694
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/u/0031-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/u/0036-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/u/0032-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/u/0034-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/u/0033-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/u/0035-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

Author: Marc Deslauriers
Author Date: 2015-11-11 14:16:52 UTC

Import patches-applied version 1.10+dfsg~beta1-2ubuntu0.7 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: cf66088038288fb764e77f111d12012acce9f096
Unapplied parent: d5e181919d20a43e047bf6fd3fab25b608f0f76d

New changelog entries:
  * SECURITY UPDATE: denial of service via udp ping-pong
    - debian/patches/CVE-2002-2443.patch: don't respond to improper packets
      in src/kadmin/server/schpw.c.
    - CVE-2002-2443
  * SECURITY UPDATE: denial of service via incorrect null bytes
    - d/p/0030-Fix-krb5_read_message-handling-CVE-2014-5355.patch:
      properly handle null bytes in src/appl/user_user/server.c,
      src/lib/krb5/krb/recvauth.c.
    - CVE-2015-5355
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/0031-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/0035-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/0032-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/0033-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/0033-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/0034-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

Author: Marc Deslauriers
Author Date: 2015-11-11 13:36:55 UTC

Import patches-applied version 1.13.2+dfsg-2ubuntu0.1 to applied/ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 974d039062b0be810529232db820d20b7e91aa2f
Unapplied parent: e8cf16d5944b52ea49665a5961fc3b119cfa3b41

New changelog entries:
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/u/0011-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/u/0016-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/u/0012-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/u/0014-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/u/0013-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/u/0015-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

Author: Marc Deslauriers
Author Date: 2015-11-11 13:52:46 UTC

Import patches-applied version 1.12.1+dfsg-18ubuntu0.1 to applied/ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: d31b2f316840d7a10f24d6cfa108037a3b7b0c0f
Unapplied parent: adc2ca7e5a8fb672b48c6b3a8bfa87be7d749bf9

New changelog entries:
  * SECURITY UPDATE: preauthentication requirement bypass in kdcpreauth
    - d/p/u/0031-Prevent-requires_preauth-bypass-CVE-2015-2694.patch:
      improve logic in src/plugins/preauth/otp/main.c,
      src/plugins/preauth/pkinit/pkinit_srv.c.
    - CVE-2015-2694
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/u/0031-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/u/0036-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/u/0032-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/u/0034-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/u/0033-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/u/0035-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698

Author: Marc Deslauriers
Author Date: 2015-11-11 13:36:55 UTC

Import patches-applied version 1.13.2+dfsg-2ubuntu0.1 to applied/ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 974d039062b0be810529232db820d20b7e91aa2f
Unapplied parent: e8cf16d5944b52ea49665a5961fc3b119cfa3b41

New changelog entries:
  * SECURITY UPDATE: SPNEGO context aliasing bugs
    - d/p/u/0011-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch:
      improve logic in src/lib/gssapi/spnego/gssapiP_spnego.h,
      src/lib/gssapi/spnego/spnego_mech.c.
    - d/p/u/0016-Fix-SPNEGO-context-import.patch: fix SPNEGO context import
      in src/lib/gssapi/spnego/spnego_mech.c.
    - CVE-2015-2695
  * SECURITY UPDATE: IAKERB context aliasing bugs
    - d/p/u/0012-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch:
      improve logic in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - d/p/u/0014-Fix-two-IAKERB-comments.patch: fix comments in
      src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2696
  * SECURITY UPDATE: KDC crash via invalid string processing
    - d/p/u/0013-Fix-build_principal-memory-bug-CVE-2015-2697.patch:
      use k5memdup0() instead of strdup() in src/lib/krb5/krb/bld_princ.c.
    - CVE-2015-2697
  * SECURITY UPDATE: memory corruption in IAKERB context export/import
    - d/p/u/0015-Fix-IAKERB-context-export-import-CVE-2015-2698.patch:
      dereferencing the context_handle pointer before casting it in
      and implement implement an IAKERB gss_import_sec_context() function
      in src/lib/gssapi/krb5/gssapiP_krb5.h,
      src/lib/gssapi/krb5/gssapi_krb5.c, src/lib/gssapi/krb5/iakerb.c.
    - CVE-2015-2698