pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2013Q1] pkgsrc/security/mit-krb5
Module Name: pkgsrc
Committed By: spz
Date: Thu May 16 22:04:58 UTC 2013
Modified Files:
pkgsrc/security/mit-krb5 [pkgsrc-2013Q1]: Makefile distinfo
Added Files:
pkgsrc/security/mit-krb5/patches [pkgsrc-2013Q1]:
patch-kadmin_server_schpw.c
Log Message:
Pullup ticket #4134 - requested by tez
security/mit-krb5: security fix
Revisions pulled up:
- security/mit-krb5/Makefile 1.70
- security/mit-krb5/distinfo 1.43
- security/mit-krb5/patches/patch-kadmin_server_schpw.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tez
Date: Mon May 13 22:42:34 UTC 2013
Modified Files:
pkgsrc/security/mit-krb5: Makefile distinfo
Added Files:
pkgsrc/security/mit-krb5/patches: patch-kadmin_server_schpw.c
Log Message:
The kpasswd service provided by kadmind was vulnerable to a UDP
"ping-pong" attack [CVE-2002-2443]. Don't respond to packets unless
they pass some basic validation, and don't respond to our own error
packets.
Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
attack or UDP ping-pong attacks in general, but there is discussion
leading toward narrowing the definition of CVE-1999-0103 to the echo,
chargen, or other similar built-in inetd services.
https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322ccvs
To generate a diff of this commit:
cvs rdiff -u -r1.69 -r1.70 pkgsrc/security/mit-krb5/Makefile
cvs rdiff -u -r1.42 -r1.43 pkgsrc/security/mit-krb5/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/security/mit-krb5/patches/patch-kadmin_server_schpw.c
To generate a diff of this commit:
cvs rdiff -u -r1.67.2.1 -r1.67.2.2 pkgsrc/security/mit-krb5/Makefile
cvs rdiff -u -r1.40.2.1 -r1.40.2.2 pkgsrc/security/mit-krb5/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
pkgsrc/security/mit-krb5/patches/patch-kadmin_server_schpw.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index