Subject: CVS commit: [pkgsrc-2006Q2] pkgsrc/security/mit-krb5
To: None <pkgsrc-changes@NetBSD.org>
From: Geert Hendrickx <ghen@netbsd.org>
List: pkgsrc-changes
Date: 08/10/2006 07:00:34
Module Name:	pkgsrc
Committed By:	ghen
Date:		Thu Aug 10 07:00:34 UTC 2006

Modified Files:
	pkgsrc/security/mit-krb5 [pkgsrc-2006Q2]: Makefile distinfo
Added Files:
	pkgsrc/security/mit-krb5/patches [pkgsrc-2006Q2]: patch-am patch-an
	    patch-ao patch-ap patch-aq patch-ar patch-as

Log Message:
Pullup ticket 1783 - requested by salo
security fix for mit-krb5

Revisions pulled up:
- pkgsrc/security/mit-krb5/Makefile		1.38
- pkgsrc/security/mit-krb5/distinfo		1.15
- pkgsrc/security/mit-krb5/patches/patch-am	1.1
- pkgsrc/security/mit-krb5/patches/patch-an	1.1
- pkgsrc/security/mit-krb5/patches/patch-ao	1.1
- pkgsrc/security/mit-krb5/patches/patch-ap	1.1
- pkgsrc/security/mit-krb5/patches/patch-aq	1.1
- pkgsrc/security/mit-krb5/patches/patch-ar	1.1
- pkgsrc/security/mit-krb5/patches/patch-as	1.1

   Module Name:	pkgsrc
   Committed By:	salo
   Date:		Wed Aug  9 17:31:10 UTC 2006

   Modified Files:
	pkgsrc/security/mit-krb5: Makefile distinfo
   Added Files:
	pkgsrc/security/mit-krb5/patches: patch-am patch-an patch-ao patch-ap
	    patch-aq patch-ar patch-as

   Log Message:
   Security fixes for SA21402:

   "A security issue has been reported in Kerberos, which potentially can
    be exploited by malicious, local users to perform certain actions with
    escalated privileges.

    The security issue is caused due to missing checks for whether the
    "setuid()" call has succeeded in the bundled krshd and v4rcp
    applications. This can be exploited to disclose or manipulate the
    contents of arbitrary files or execute arbitrary code with root
    privileges if the "setuid()" call fails due to e.g. resource limits."

   http://secunia.com/advisories/21402/
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3084
   http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-001-setuid.txt

   Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -r1.37 -r1.37.2.1 pkgsrc/security/mit-krb5/Makefile
cvs rdiff -r1.14 -r1.14.4.1 pkgsrc/security/mit-krb5/distinfo
cvs rdiff -r0 -r1.1.2.1 pkgsrc/security/mit-krb5/patches/patch-am \
    pkgsrc/security/mit-krb5/patches/patch-an \
    pkgsrc/security/mit-krb5/patches/patch-ao \
    pkgsrc/security/mit-krb5/patches/patch-ap \
    pkgsrc/security/mit-krb5/patches/patch-aq \
    pkgsrc/security/mit-krb5/patches/patch-ar \
    pkgsrc/security/mit-krb5/patches/patch-as

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
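
The advisory quoted in the log message concerns code that calls "setuid()" and carries on without checking that it succeeded. The following is an added example, not taken from the pkgsrc patches or from MIT Kerberos: it contrasts that pattern with a fail-closed privilege drop, and the function names and the injectable setuid_fn stand-ins are hypothetical, used so the failure path runs without root.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Same signature as setuid(2); injectable so the failure path can be driven
 * without root or real resource limits (an assumption of this sketch). */
typedef int (*setuid_fn)(uid_t);

/* Constructed stand-ins for the system call. */
static int fake_setuid_eagain(uid_t uid) { (void)uid; errno = EAGAIN; return -1; }
static int fake_setuid_ok(uid_t uid) { (void)uid; return 0; }

/* Pattern the advisory describes: result ignored, so the caller always
 * continues, even when the process still holds its original uid. */
static int drop_unchecked(setuid_fn do_setuid, uid_t target) {
    (void)do_setuid(target);
    return 0;                       /* reports "dropped" whether or not it was */
}

/* Fail closed: check the return value, then confirm the ids really changed. */
static int drop_checked(setuid_fn do_setuid, uid_t target) {
    if (do_setuid(target) != 0) {
        fprintf(stderr, "setuid(%ld): %s\n", (long)target, strerror(errno));
        return -1;
    }
    if (getuid() != target || geteuid() != target) {
        fprintf(stderr, "uid is still %ld after setuid\n", (long)geteuid());
        return -1;
    }
    return 0;
}

int main(void) {
    uid_t me = getuid();            /* current uid, so no privilege is needed */
    printf("unchecked, setuid fails:   %d\n", drop_unchecked(fake_setuid_eagain, me));
    printf("checked,   setuid fails:   %d\n", drop_checked(fake_setuid_eagain, me));
    printf("checked,   ids unchanged:  %d\n", drop_checked(fake_setuid_ok, me + 1));
    printf("checked,   ids as wanted:  %d\n", drop_checked(fake_setuid_ok, me));
    return 0;
}
```

A caller of drop_checked() should exit on -1 rather than continue to open files or exec a command.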