Subject: CVS commit: pkgsrc/security/mit-krb5-appl
From: Tim Zingelman
Date: 2011-12-23 17:44:24
Message id: 20111223164425.07C17175DD@cvs.netbsd.org
Log Message:
Fix for CVE-2011-4862 from FreeBSD

When an encryption key is supplied via the TELNET protocol, its length
is not validated before the key is copied into a fixed-size buffer.

This is a remote root exploit that is being actively exploited in the wild.
Files:
RevisionActionfile
1.4modifypkgsrc/security/mit-krb5-appl/Makefile
1.4modifypkgsrc/security/mit-krb5-appl/distinfo
1.1addpkgsrc/security/mit-krb5-appl/patches/patch-telnet_libtelnet_encrypt.c