Subject: CVS commit: pkgsrc/security/mit-krb5
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 08/09/2006 17:31:10
Module Name:	pkgsrc
Committed By:	salo
Date:		Wed Aug  9 17:31:10 UTC 2006

Modified Files:
	pkgsrc/security/mit-krb5: Makefile distinfo
Added Files:
	pkgsrc/security/mit-krb5/patches: patch-am patch-an patch-ao patch-ap
	    patch-aq patch-ar patch-as

Log Message:
Security fixes for SA21402:

"A security issue has been reported in Kerberos, which potentially can
 be exploited by malicious, local users to perform certain actions with
 escalated privileges.

 The security issue is caused due to missing checks for whether the
 "setuid()" call has succeeded in the bundled krshd and v4rcp
 applications. This can be exploited to disclose or manipulate the
 contents of arbitrary files or execute arbitrary code with root
 privileges if the "setuid()" call fails due to e.g. resource limits."

http://secunia.com/advisories/21402/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3084
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-001-setuid.txt

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -r1.37 -r1.38 pkgsrc/security/mit-krb5/Makefile
cvs rdiff -r1.14 -r1.15 pkgsrc/security/mit-krb5/distinfo
cvs rdiff -r0 -r1.1 pkgsrc/security/mit-krb5/patches/patch-am \
    pkgsrc/security/mit-krb5/patches/patch-an \
    pkgsrc/security/mit-krb5/patches/patch-ao \
    pkgsrc/security/mit-krb5/patches/patch-ap \
    pkgsrc/security/mit-krb5/patches/patch-aq \
    pkgsrc/security/mit-krb5/patches/patch-ar \
    pkgsrc/security/mit-krb5/patches/patch-as

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.