lp:~hartmans/ubuntu/trusty/krb5/gss-infinite-loop

Created by Sam Hartman on 2014-06-04 and last modified on 2014-12-03
Get this branch:
bzr branch lp:~hartmans/ubuntu/trusty/krb5/gss-infinite-loop
Only Sam Hartman can upload to this branch. If you are Sam Hartman please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Sam Hartman
Status:
Development

Recent revisions

63. By Sam Hartman on 2014-08-12

* SECURITY UPDATE: denial of service via invalid tokens
  - debian/patches/CVE-2014-4341-4342.patch: handle invalid tokens in
    src/lib/gssapi/krb5/k5unseal.c, src/lib/gssapi/krb5/k5unsealiov.c.
  - CVE-2014-4341
  - CVE-2014-4342
* SECURITY UPDATE: denial of service via double-free in SPNEGO
  - debian/patches/CVE-2014-4343.patch: fix double-free in
    src/lib/gssapi/spnego/spnego_mech.c.
  - CVE-2014-4343
* SECURITY UPDATE: denial of service via null deref in SPNEGO acceptor
  - debian/patches/CVE-2014-4344.patch: validate REMAIN in
    src/lib/gssapi/spnego/spnego_mech.c.
  - CVE-2014-4344
* SECURITY UPDATE: denial of service and possible code execution in
  kadmind with LDAP backend
  - debian/patches/CVE-2014-4345.patch: fix off-by-one in
    src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
  - CVE-2014-4345

62. By Sam Hartman on 2014-07-31

Use tailq macros to work around GCC 4.8 optimizer bug and prevent
infinite loop for database propagation (LP: #1347147)

61. By Sam Hartman on 2014-06-25

Make libkadm5srv-mit8 be arch: any multi-arch: same to work around
upgrade bug (LP: #1334052

60. By Sam Hartman on 2014-06-04

Fix segfault in infinite loop for GSS mechglue methods.

59. By Michael Vogt on 2014-04-09

Add transitional libkadm5srv-mit8 package to help libapt
calculating the upgrade (LP: #1304403) to trusty.
This transitional package can be dropped once trusty is
released.

58. By Martin Pitt on 2014-04-08

Add missing versioned Replaces: libkadm5srv-mit8 to the libkdb5-7 package.
Fixes upgrades from trusty. (LP: #1304403)

57. By Adam Conrad on 2014-02-17

debian/rules: force -O2 to work around build failure with -O3.

56. By Timo Aaltonen on 2014-02-04

* Merge from Debian unstable. Remaining changes:
  - Add alternate dependency on libverto-libevent1 as that's the
    package ABI name in ubuntu.

55. By Dimitri John Ledkov on 2013-11-10

Add alternate dependency on libverto-libevent1 as that's the package
ABI name in ubuntu.

54. By Matthias Klose on 2013-07-23

Update config.{guess,sub} for Aarch64.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.

Subscribers