Source-Changes-HG archive
[src/netbsd-6]: src/doc Ticket #1461
details: https://anonhg.NetBSD.org/src/rev/0dcde5713623
branches: netbsd-6
changeset: 777183:0dcde5713623
user: martin <martin%NetBSD.org@localhost>
date: Thu Jul 13 09:02:11 2017 +0000
description:
Ticket #1461
diffstat:
doc/CHANGES-6.2 | 13 ++++++++++++-
1 files changed, 12 insertions(+), 1 deletions(-)
diffs (24 lines):
diff -r 72c30bb65023 -r 0dcde5713623 doc/CHANGES-6.2
--- a/doc/CHANGES-6.2 Thu Jul 13 09:01:29 2017 +0000
+++ b/doc/CHANGES-6.2 Thu Jul 13 09:02:11 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.289 2017/07/11 21:29:39 snj Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.290 2017/07/13 09:02:11 martin Exp $
A complete list of changes from the 6.1 release until the 6.2 release:
@@ -17951,3 +17951,14 @@
Fix CVE-2017-10971 and CVE-2017-10972.
[mrg, ticket #1459]
+crypto/external/bsd/heimdal/dist/lib/krb5/ticket.c 1.3-1.4
+
+ In _krb5_extract_ticket() the KDC-REP service name must be
+ obtained from encrypted version stored in 'enc_part' instead
+ of the unencrypted version stored in 'ticket'.
+ Use of the unecrypted version provides an opportunity for
+ successful server impersonation and other attacks.
+
+ Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
+ [christos, ticket #1461]
+
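Review bot: "unecrypted" in the added line "Use of the unecrypted version provides an opportunity for" is a typo for "unencrypted", and "from encrypted version" two lines above it is missing an article ("from the encrypted version"). The entry also names no advisory or CVE identifier, while the preceding entry cites CVE-2017-10971 and CVE-2017-10972; if an identifier has been assigned to this _krb5_extract_ticket() fix, adding it here would let readers of CHANGES-6.2 match the pullup to the advisory.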