Date: Sat, 21 Feb 2015 16:12:37 +0000 (UTC)
From: Cy Schubert <cy@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r379531 - head/security/vuxml
Message-ID: <201502211612.t1LGCbB8033645@svn.freebsd.org>

Author: cy
Date: Sat Feb 21 16:12:36 2015
New Revision: 379531
URL: https://svnweb.freebsd.org/changeset/ports/379531
QAT: https://qat.redports.org/buildarchive/r379531/

Log:
  Kerberos Version 5, Release 1.12.3 is released affecting security/krb5-112.
  This fixes multiple vulnerabilities, some previously committed by point
  patches and others newly fixed in this release.

  * Fix multiple vulnerabilities in the LDAP KDC back end.
    [CVE-2014-5354] [CVE-2014-5353]

  * Fix multiple kadmind vulnerabilities, some of which are based
    in the gssrpc library. [CVE-2014-5352 CVE-2014-5352
    CVE-2014-9421 CVE-2014-9422 CVE-2014-9423]

  Security: CVE-2014-5354, CVE-2014-5353
  Security: CVE-2014-5352, CVE-2014-5352, CVE-2014-9421
  Security: CVE-2014-9422, CVE-2014-9423

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sat Feb 21 16:10:43 2015 (r379530)
+++ head/security/vuxml/vuln.xml Sat Feb 21 16:12:36 2015 (r379531)
@@ -57,6 +57,35 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="63527d0d-b9de-11e4-8a48-206a8a720317"> + <topic>krb5 1.12 -- New release/fix multiple vulnerabilities</topic> + <affects> + <package> + <name>krb5-112</name> + <range><lt>1.12.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The MIT Kerberos team announces the availability of MIT Kerberos 5 Release 1.12.3:</p> + <blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt"> + <p>Fix multiple vulnerabilities in the LDAP KDC back end. + [CVE-2014-5354] [CVE-2014-5353]</p> + <p>Fix multiple kadmind vulnerabilities, some of which are based + in the gssrpc library. [CVE-2014-5352 CVE-2014-5352 + CVE-2014-9421 CVE-2014-9422 CVE-2014-9423]</p> + </blockquote> + </body> + </description> + <references> + <url>http://web.mit.edu/kerberos/krb5-1.12/README-1.12.3.txt</url> + </references> + <dates> + <discovery>2015-02-20</discovery> + <entry>2015-02-21</entry> + </dates> + </vuln> + <vuln vid="3680b234-b6f0-11e4-b7cc-d050992ecde8"> <topic>unzip -- heap based buffer overflow in iconv patch</topic> <affects>
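
Review bot: The `<references>` block of the new krb5-112 entry carries only a `<url>`, and none of the CVE ids named in the description are recorded as `<cvename>` elements, so the entry cannot be looked up by CVE id. Add one `<cvename>` each for CVE-2014-5352, CVE-2014-5353, CVE-2014-5354, CVE-2014-9421, CVE-2014-9422 and CVE-2014-9423. In the second `<p>` of the blockquote, CVE-2014-5352 is listed twice; check it against the upstream text in case the second occurrence was meant to be a different id. The blockquote's `cite` attribute points at MITKRB5-SA-2015-001.txt while `<references>` lists only README-1.12.3.txt, so adding the advisory URL under `<references>` would keep the two consistent.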