[Bug 219657] security/heimdal: not marked vulnerable, below 7.3 vulnerable - CVE-2017-6594
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Tue May 30 15:42:40 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219657
Bug ID: 219657
Summary: security/heimdal: not marked vulnerable, below 7.3
vulnerable - CVE-2017-6594
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: hrs at FreeBSD.org
Reporter: prj at rootwyrm.com
Assignee: hrs at FreeBSD.org
Flags: maintainer-feedback?(hrs at FreeBSD.org)
Heimdal 7.1 is vulnerable to CVE-2017-6594 - may permit bypass of capath
policy. This has been addressed in Heimdal 7.3.0.
https://www.h5l.org/advisories.html?show=2017-04-13
Additionally, MASTER_SITES is now out of date - Heimdal is now distributed via
github releases.
https://www.h5l.org/sources.html
https://github.com/heimdal/heimdal/releases
Attempted to pull it up straight, but patches are not applying cleanly, so
additional work will be needed. Makefile and distinfo patch provided here (but
I may have gotten MASTER_SITES wrong.)
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list