Re: Remote vulnerability in kadmind
Dave Love <d.love@dl.ac.uk> writes:
> Where should I have seen that?
There was some text in the 0.5.1 announcement, and this thread
follows a notice I sent here about it. Do you have suggestions on how
to improve the information flow?
We did contact {Free,Net,Open}BSD, Debian and Suse (the ones we knew
about) prior to release. The time was short, but that was for a
reason.
> I think it would be useful if announcements were copied to
> heimdal-discuss, which is what I'd expect.
I think this is wrong, but I'm not religious about it.
> The web site implies I can fix the configuration without rebuilding
> -- is that false?
Yes, do you mean this:
    If you are running a version older than 0.5.1 AND have Kerberos 4
    support enabled in kadmind you should disable it until you have time
    to upgrade.
I think the last "it" refers to kadmind, but I guess it (no pun
intended) could be misinterpreted. I just changed "it" to "kadmind".
/Johan