CVS commit: [pkgsrc-2013Q1] pkgsrc/security/mit-krb5

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2013Q1] pkgsrc/security/mit-krb5
From: "S.P.Zeidler" <spz%netbsd.org@localhost>
Date: Thu, 16 May 2013 22:04:58 +0000

Module Name:    pkgsrc
Committed By:   spz
Date:           Thu May 16 22:04:58 UTC 2013

Modified Files:
        pkgsrc/security/mit-krb5 [pkgsrc-2013Q1]: Makefile distinfo
Added Files:
        pkgsrc/security/mit-krb5/patches [pkgsrc-2013Q1]:
            patch-kadmin_server_schpw.c

Log Message:
Pullup ticket #4134 - requested by tez
security/mit-krb5: security fix

Revisions pulled up:
- security/mit-krb5/Makefile                                    1.70
- security/mit-krb5/distinfo                                    1.43
- security/mit-krb5/patches/patch-kadmin_server_schpw.c         1.1

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   tez
   Date:           Mon May 13 22:42:34 UTC 2013

   Modified Files:
           pkgsrc/security/mit-krb5: Makefile distinfo
   Added Files:
           pkgsrc/security/mit-krb5/patches: patch-kadmin_server_schpw.c

   Log Message:
   The kpasswd service provided by kadmind was vulnerable to a UDP
   "ping-pong" attack [CVE-2002-2443].  Don't respond to packets unless
   they pass some basic validation, and don't respond to our own error
   packets.

   Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
   attack or UDP ping-pong attacks in general, but there is discussion
   leading toward narrowing the definition of CVE-1999-0103 to the echo,
   chargen, or other similar built-in inetd services.

   
https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322ccvs

   To generate a diff of this commit:
   cvs rdiff -u -r1.69 -r1.70 pkgsrc/security/mit-krb5/Makefile
   cvs rdiff -u -r1.42 -r1.43 pkgsrc/security/mit-krb5/distinfo
   cvs rdiff -u -r0 -r1.1 \
       pkgsrc/security/mit-krb5/patches/patch-kadmin_server_schpw.c


To generate a diff of this commit:
cvs rdiff -u -r1.67.2.1 -r1.67.2.2 pkgsrc/security/mit-krb5/Makefile
cvs rdiff -u -r1.40.2.1 -r1.40.2.2 pkgsrc/security/mit-krb5/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
    pkgsrc/security/mit-krb5/patches/patch-kadmin_server_schpw.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: [pkgsrc-2013Q1] pkgsrc/emulators/suse121_libcurl
Next by Date: CVS commit: pkgsrc/x11/xf86-video-chips/files
Previous by Thread: CVS commit: [pkgsrc-2013Q1] pkgsrc/emulators/suse121_libcurl
Next by Thread: CVS commit: pkgsrc/x11/xf86-video-chips/files
Indexes:

Home | Main Index | Thread Index | Old Index