Source-Changes-HG archive


[src/netbsd-7-1]: src/doc Ticket #1453



details:   https://anonhg.NetBSD.org/src/rev/defb0de8ca66
branches:  netbsd-7-1
changeset: 800748:defb0de8ca66
user:      martin <martin%NetBSD.org@localhost>
date:      Wed Jul 12 15:36:25 2017 +0000

description:
Ticket #1453

diffstat:

 doc/CHANGES-7.1.1 |  13 ++++++++++++-
 1 files changed, 12 insertions(+), 1 deletions(-)

diffs (24 lines):

diff -r 08cc186df5a3 -r defb0de8ca66 doc/CHANGES-7.1.1
--- a/doc/CHANGES-7.1.1 Wed Jul 12 15:35:53 2017 +0000
+++ b/doc/CHANGES-7.1.1 Wed Jul 12 15:36:25 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.1.1,v 1.1.2.14 2017/07/10 13:14:21 martin Exp $
+# $NetBSD: CHANGES-7.1.1,v 1.1.2.15 2017/07/12 15:36:25 martin Exp $
 
 A complete list of changes from the NetBSD 7.1 release to the NetBSD 7.1.1
 release:
@@ -1686,3 +1686,14 @@
        in -r1.200.
        [dh, ticket #1451]
 
+crypto/external/bsd/heimdal/dist/lib/krb5/ticket.c 1.3-1.4
+
+       In _krb5_extract_ticket() the KDC-REP service name must be
+       obtained from encrypted version stored in 'enc_part' instead
+       of the unencrypted version stored in 'ticket'.
+       Use of the unecrypted version provides an opportunity for
+       successful server impersonation and other attacks.
+
+       Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
+       [christos, ticket #1453]
+
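Review bot: The added CHANGES entry misspells "unencrypted" as "unecrypted" in the line "Use of the unecrypted version provides an opportunity for", and "obtained from encrypted version stored in 'enc_part'" is missing an article ("from the encrypted version"). Because the entry describes a server impersonation risk in _krb5_extract_ticket(), it would also help to cite the upstream advisory or fix reference next to "[christos, ticket #1453]", so that readers of the release notes can match this pullup against their own patch tracking.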


