Module Name: src
Committed By: martin
Date: Wed Jul 12 15:38:06 UTC 2017
Modified Files:
src/doc [netbsd-7-0]: CHANGES-7.0.3
Log Message:
Ticket #1453
To generate a diff of this commit:
cvs rdiff -u -r1.1.2.47 -r1.1.2.48 src/doc/CHANGES-7.0.3
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/doc/CHANGES-7.0.3
diff -u src/doc/CHANGES-7.0.3:1.1.2.47 src/doc/CHANGES-7.0.3:1.1.2.48
--- src/doc/CHANGES-7.0.3:1.1.2.47 Mon Jul 10 13:16:27 2017
+++ src/doc/CHANGES-7.0.3 Wed Jul 12 15:38:06 2017
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.0.3,v 1.1.2.47 2017/07/10 13:16:27 martin Exp $
+# $NetBSD: CHANGES-7.0.3,v 1.1.2.48 2017/07/12 15:38:06 martin Exp $
A complete list of changes from the NetBSD 7.0.2 release to the NetBSD 7.0.3
release:
@@ -2993,3 +2993,14 @@ sys/kern/vfs_lookup.c 1.208
in -r1.200.
[dh, ticket #1451]
+crypto/external/bsd/heimdal/dist/lib/krb5/ticket.c 1.3-1.4
+
+ In _krb5_extract_ticket() the KDC-REP service name must be
+ obtained from encrypted version stored in 'enc_part' instead
+ of the unencrypted version stored in 'ticket'.
+ Use of the unecrypted version provides an opportunity for
+ successful server impersonation and other attacks.
+
+ Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
+ [christos, ticket #1453]
+
