Subject: CVS commit: [pkgsrc-2017Q3] pkgsrc/security/mit-krb5
From: S.P.Zeidler
Date: 2017-10-15 14:06:58
Message id: 20171015120658.D1ADFFBC7@cvs.NetBSD.org

Log Message:
Pullup ticket #5569 - requested by sevan
security/mit-krb5: security update

Revisions pulled up:
- security/mit-krb5/Makefile                                    1.95
- security/mit-krb5/distinfo                                    1.62
- security/mit-krb5/patches/patch-CVE-2017-11368                deleted

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   tez
   Date:           Tue Oct 10 21:22:53 UTC 2017

   Modified Files:
           pkgsrc/security/mit-krb5: Makefile distinfo
   Removed Files:
           pkgsrc/security/mit-krb5/patches: patch-CVE-2017-11368

   Log Message:
   mit-krb5: update to 1.14.6

   Major changes in 1.14.6 (2017-09-25)

   This is a bug fix release.

       Fix a KDC denial of service vulnerability caused by unset status
   strings [CVE-2017-11368]
       Preserve GSS contexts on init/accept failure [CVE-2017-11462]
       Fix kadm5 setkey operation with LDAP KDB module
       Use a ten-second timeout after successful connection for HTTPS KDC
   requests, as we do for TCP requests
       Fix client null dereference when KDC offers encrypted challenge
   without FAST

   To generate a diff of this commit:
   cvs rdiff -u -r1.94 -r1.95 pkgsrc/security/mit-krb5/Makefile
   cvs rdiff -u -r1.61 -r1.62 pkgsrc/security/mit-krb5/distinfo
   cvs rdiff -u -r1.1 -r0 pkgsrc/security/mit-krb5/patches/patch-CVE-2017-11368

Files:
RevisionActionfile
1.94.4.1modifypkgsrc/security/mit-krb5/Makefile
1.61.4.1modifypkgsrc/security/mit-krb5/distinfo
1.1removepkgsrc/security/mit-krb5/patches/patch-CVE-2017-11368