Subject: CVS commit: pkgsrc/security/oath-toolkit
From: Fredrik Pettai
Date: 2014-03-10 01:58:51
Message id:

Log Message:
Version 2.4.1 (released 2014-02-12)

* liboath: Fix usersfile bug that caused it to update the wrong line.
When an usersfile contain multiple lines for the same user but with an
unparseable token type (e.g., HOTP vs TOTP), the code would update the
wrong line of the file.  Since the then updated line could be a
commented out line, this can lead to the same OTP being accepted
multiple times which is a security vulnerability. CVE-2013-7322
CVs: ----------------------------------------------------------------------