From debbugs-submit-bounces@debbugs.gnu.org Tue Jul 18 11:53:37 2017 Received: (at 27749) by debbugs.gnu.org; 18 Jul 2017 15:53:37 +0000 Received: from localhost ([127.0.0.1]:46834 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dXUob-0007h4-Mj for submit@debbugs.gnu.org; Tue, 18 Jul 2017 11:53:37 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:35795) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dXUoa-0007gu-Mv for 27749@debbugs.gnu.org; Tue, 18 Jul 2017 11:53:36 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 6E67D209F7; Tue, 18 Jul 2017 11:53:36 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute4.internal (MEProxy); Tue, 18 Jul 2017 11:53:36 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=FqsJzGSPqcamlkQkQtQ0EO6ibAAeA361ktPdYs a2ycw=; b=Ibby5g/xTW6MUzTPBVknQsbOoXIYpU1BETxZaZTkwXlibcMF7fzC/d imLfAL3JaS0kCFKIo6riX6mL01TGn8G7MVB87fhlpqtHRKheWdnr1PcYhx4h02aG oEDM3BCkmVy/j1x9x2fqoeanh6u9UfBONBIyrygEzNsyvR+vDuy54= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=FqsJzGSPqcamlkQkQt Q0EO6ibAAeA361ktPdYsa2ycw=; b=gyQ9NJam8I9X9MyFfraeNhxjkKLcdqAcRA ZYOXkNAc0esqEhAeXzKcbkf5Q669rGmnwz7W3SPnbISi02kNacHcLnmGE8Iwguxi rMstSxkGl30GVu7mNUxDKKbBGuh37PE7leu1c/kIKiAMbwUrAhm47j6Q9CNpxaEU Uq6IhY5rhi6IvcOLvvhceyFGibImx3/1dM+MiDlc2BDVro9fdw1X0PVG4q9cvtEi AqRFaY94c1qlQ4P6uyDUt4HsrogVHEEFElEvUs/Zmn6npj8Hap6FAuonuAw7eWCH lINIDpkkJNhaoycqyvlOglUC6TP83ayYw1GdDC2gmv7NBVCN9GAQ== X-ME-Sender: X-Sasl-enc: 8QY+wcHRSK4CxdsQdm87P08hF1+q2ScW/Se/NuA3T/Cy 1500393216 Received: from localhost (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id 2A28E248CF; Tue, 18 Jul 2017 11:53:36 -0400 (EDT) Date: Tue, 18 Jul 2017 11:53:35 -0400 From: Leo Famulari To: Alex Vong Subject: Re: [bug#27749] [PATCH] gnu: heimdal: Update to 7.4.0 [fixes CVE-2017-11103]. Message-ID: <20170718155335.GA15745@jasmine.lan> References: <87wp76kv68.fsf@gmail.com> <20170718154906.GB16798@jasmine.lan> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="ZGiS0Q5IWpPtfppv" Content-Disposition: inline In-Reply-To: <20170718154906.GB16798@jasmine.lan> User-Agent: Mutt/1.8.3 (2017-05-23) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 27749 Cc: 27749@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --ZGiS0Q5IWpPtfppv Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Tue, Jul 18, 2017 at 11:49:06AM -0400, Leo Famulari wrote: > Maybe we can find a patch for CVE-2017-11103 from Red Hat or another > long-term-support distro. I noticed an unrelated patch for Heimdal > 1.6 here: > https://anonscm.debian.org/cgit/collab-maint/heimdal.git/commit/?h=debian/jessie&id=6d27073da8b45b5c67ca4ad74696489e49c4df1a I'm not sure what version of heimdal FreeBSD packages, but they are offering a patch for this, linked from their advisory: https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc --ZGiS0Q5IWpPtfppv Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlluLv8ACgkQJkb6MLrK fwj0Qg//Yq8CbzXiWrZ0431Ha4etQsuQ4Aoh/na52UhHD5fav0qPthO7vkACiYUt qUh4IGlo9uvjJ+FvLT+ukgSs5HmkZUm+gr7IfOfTfudQ0q1ovMRNylMdX+JHzirj JFzC6bWW1B+rXU+6VubFDDVP1bhGVQvb/3B0pQkgHqBW/PW3tJCNfa2blxrOGPHV BMjRY4qfz1foymYhiQlLOiL7+2GKrkIKpsrvpH3kZvwZFqIXXIAtU9pY2pG3t3/j g3BOWWgOKVSKKP84NobcZ4n7iPzY/QLaqL58v4vJIOlFxb4yzfEC84RJQy/aS7YB oozDlmGo+0RH9jVLPSjqn+QrFxEVh4fTeuANvwZWQWHrdGiaxirPxG+YMuxO8SsN uoJ/NYFBd+Z5ZPmdFhiZ8jdjdJqiQcmlWLoQNkzDTr2G6QFaDkkL6MDBW12vtydi 7Jr9xhnrvyaOrWmP+UjbrujC7r3FO6RJqPdvjF4GQYfCWZEiwAxKgQMdusVvKu2q kg4RLxCnrghxAJMFLBIxPNbaVgmWhJE5KXFWcchbyut+STqOAvcENfzCHPPVLBK5 wh3kTLQdWVg6snVxv1avCKfrLaTb5f1dp97TYuJ0/s7nHePwIhqjupjIuukPKbR/ TOsXeIFdhqGfbUtfme8GBem0Xq6On6+A1H7m2pNPbctfjunOi2M= =tHm/ -----END PGP SIGNATURE----- --ZGiS0Q5IWpPtfppv--