pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/security/oath-toolkit

Module Name:    pkgsrc
Committed By:   pettai
Date:           Mon Mar 10 00:58:51 UTC 2014

Modified Files:
        pkgsrc/security/oath-toolkit: Makefile distinfo

Log Message:
Version 2.4.1 (released 2014-02-12)

* liboath: Fix usersfile bug that caused it to update the wrong line.
When an usersfile contain multiple lines for the same user but with an
unparseable token type (e.g., HOTP vs TOTP), the code would update the
wrong line of the file.  Since the then updated line could be a
commented out line, this can lead to the same OTP being accepted
multiple times which is a security vulnerability. CVE-2013-7322
CVs: ----------------------------------------------------------------------

To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/security/oath-toolkit/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/security/oath-toolkit/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Home | Main Index | Thread Index | Old Index