-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 07 May 2025 19:06:22 +0200
Source: krb5
Binary: krb5-doc krb5-locales
Architecture: all
Version: 1.20.1-2+deb12u4
Distribution: bookworm
Urgency: medium
Maintainer: all Build Daemon (x86-csail-02) <buildd_all-x86-csail-02@buildd.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
 krb5-doc   - documentation for MIT Kerberos
 krb5-locales - internationalization support for MIT Kerberos
Closes: 1103525
Changes:
 krb5 (1.20.1-2+deb12u4) bookworm; urgency=medium
 .
   * Non Maintainer upload by LTS team
   * Fix CVE-2025-3576. Closes: #1103525
     A Vulnerability in the MIT Kerberos implementation
     allows GSSAPI-protected messages using RC4-HMAC-MD5
     to be spoofed due to weaknesses in the MD5 checksum design.
     If RC4 is preferred over stronger encryption types,
     an attacker could exploit MD5 collisions to forge message
     integrity codes. This may lead to unauthorized
     message tampering.
   * Tickets will not be issued with RC4 or triple-DES session
     keys unless explicitly configured with the new allow_rc4
     or allow_des3 variables respectively.
   * In KDC, assume all services support aes256-sha1
     To facilitate negotiating session keys with acceptable security,
     assume that services support aes256-cts-hmac-sha1 unless a
     session_enctypes string attribute says otherwise.
Checksums-Sha1:
 b0af36bd4646ddd5ef3054ae1fe787c2d534d911 2792212 krb5-doc_1.20.1-2+deb12u4_all.deb
 bbdf962b9249ccaf7dc9f89be2cef43263a53be0 63416 krb5-locales_1.20.1-2+deb12u4_all.deb
 02b9b2a009b946869f1d76a4576903a61e410bc7 12100 krb5_1.20.1-2+deb12u4_all-buildd.buildinfo
Checksums-Sha256:
 e1d3d99b8444365591b7da6aedd2770d4ea03ced2f8a88f004e1d3575c11dca0 2792212 krb5-doc_1.20.1-2+deb12u4_all.deb
 9092b291ad699d91e8ef49137ef82ae248b8769fac6f9a756d0719740f578e07 63416 krb5-locales_1.20.1-2+deb12u4_all.deb
 25dec4b45eae40cde53ef6b0403683c7933b5326f4bc0922646204589fd9fa01 12100 krb5_1.20.1-2+deb12u4_all-buildd.buildinfo
Files:
 9ed2bcaa0940a71d59089ff68599f5ed 2792212 doc optional krb5-doc_1.20.1-2+deb12u4_all.deb
 0905c7993a539e94d632f2dd0f2e8aaa 63416 localization optional krb5-locales_1.20.1-2+deb12u4_all.deb
 bdc3de4ea955cbf934551b1906d33180 12100 net optional krb5_1.20.1-2+deb12u4_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEELusn8jY95Sf7obGlx30Wh8LXl/YFAmg7eewACgkQx30Wh8LX
l/YeKRAAikj+9ALfpUqUei4xns5t7E1IEl8D64Rt1Cp118kqJLh9GSe7tyfqEp2Q
GXbdGVEhubcu/v51Nm5yQbp+utzIqWIHaA5cTYEHB2Ab1tFYcVcEVeQQ6qyeBJ9i
0UDtBCb3SYoMizh8DcadoKyRMLXAMlKgeKudcCSFJypieykJwGtijDbx9QLRaqFf
Et6hN3T8wQkzxNbniYHHWxdZEwEZmVQn+g6Dg82Z+HB9o0AEwzArk3IMxR6Smacy
M9tAk/05oGEcezi1NJAjiAkgp4hUP1qKAmSzbPotoIwHWgAplbr9cyM1PzxV+sht
cVdcCMAsmN+Ogw2g/6uRLrVfzBtHR5waG15RnTmbTG+/ZtwRaP1js/gy+TVwCSSC
JNcLr+1jHV/tfzqBgfj18+9/oUYwtkgzlcrV6/BYV2wYPk5svXJnxk5GvYfMz23/
K3YPotuFVPcDzj6I4tXFVg0irisqe+1vA3uQpVYbtqDCUrC34gED7WhfeqhOx0iT
3WMhojkFvjrG9c/vU0Mz3l8rI0l7bBGliZ1Rkg5FU3dieJw2B5akPBQmLPQU6tqv
1vbk+QpGsqeCRzbvDJfBw01YKSinCOjvJAjJ2Hf+/kEmZjCqSPyyyvFl61snfqoz
Jn0Tjzsy6WbsmLPrrlrkjD/s0LdLmqoafwv1kWfXAak10HguiUg=
=N1Qb
-----END PGP SIGNATURE-----