svn commit: r419155 - head/security/vuxml
Cy Schubert
cy at FreeBSD.org
Wed Jul 27 01:54:49 UTC 2016
Author: cy
Date: Wed Jul 27 01:54:47 2016
New Revision: 419155
URL: https://svnweb.freebsd.org/changeset/ports/419155
Log:
With the release of krb5 1.13.6, which also fixes the KDC denial of
service vulnerability (CVE-2016-3120 -- same vulnerability fixed in
krb5 1.14.3), update entry 62d45229-4fa0-11e6-9d13-206a8a720317 to
also document the same in krb5 1.13.6.
Security: 62d45229-4fa0-11e6-9d13-206a8a720317
Security: CVE-2016-3120
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Jul 27 01:09:58 2016 (r419154)
+++ head/security/vuxml/vuln.xml Wed Jul 27 01:54:47 2016 (r419155)
@@ -332,13 +332,17 @@ Notes:
<topic>krb5 -- KDC denial of service vulnerability</topic>
<affects>
<package>
+ <name>krb5-113</name>
+ <range><lt>1.13.6</lt></range>
+ </package>
+ <package>
<name>krb5-114</name>
<range><lt>1.14.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Major changes in krb5 1.14.3:</p>
+ <p>Major changes in krb5 1.14.3 and krb5 1.13.6:</p>
<blockquote cite="http://web.mit.edu/kerberos/krb5-1.14/">
<p>Fix a rare KDC denial of service vulnerability when anonymous
client principals are restricted to obtaining TGTs only
@@ -353,6 +357,7 @@ Notes:
<dates>
<discovery>2016-07-20</discovery>
<entry>2016-07-21</entry>
+ <modified>2016-07-26</modified>
</dates>
</vuln>
More information about the svn-ports-all
mailing list