Subject: CVS commit: pkgsrc/security/heimdal
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 08/09/2006 17:58:09
Module Name: pkgsrc
Committed By: salo
Date: Wed Aug 9 17:58:09 UTC 2006
Modified Files:
pkgsrc/security/heimdal: Makefile distinfo
Added Files:
pkgsrc/security/heimdal/patches: patch-am patch-an patch-ao patch-ap
patch-aq
Log Message:
Security fix for SA21436:
"A security issue has been reported in Heimdal, which potentially can be
exploited by malicious, local users to perform certain actions with
escalated privileges.
The security issue is caused due to missing checks for whether the
"setuid()" call has succeeded in the bundled rcp application. This may
be exploited to perform certain actions with root privileges if the
"setuid()" call fails due to e.g. resource limits."
http://secunia.com/advisories/21436/
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -r1.61 -r1.62 pkgsrc/security/heimdal/Makefile
cvs rdiff -r1.20 -r1.21 pkgsrc/security/heimdal/distinfo
cvs rdiff -r0 -r1.1 pkgsrc/security/heimdal/patches/patch-am \
pkgsrc/security/heimdal/patches/patch-an \
pkgsrc/security/heimdal/patches/patch-ao \
pkgsrc/security/heimdal/patches/patch-ap \
pkgsrc/security/heimdal/patches/patch-aq
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.