aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorcy <cy@FreeBSD.org>2015-02-22 00:12:36 +0800
committercy <cy@FreeBSD.org>2015-02-22 00:12:36 +0800
commit83661116818c167b007f4db897e3bbb50e15ca82 (patch)
tree1c611383c9c493d33dc950e39c8e431cf75ab2df
parent41d5ba7079658b5dc4bc84b6d24dc2cac6094cde (diff)
downloadfreebsd-ports-gnome-83661116818c167b007f4db897e3bbb50e15ca82.tar.gz
freebsd-ports-gnome-83661116818c167b007f4db897e3bbb50e15ca82.tar.zst
freebsd-ports-gnome-83661116818c167b007f4db897e3bbb50e15ca82.zip
Kerberos Version 5, Release 1.12.3 is released affecting
security/krb5-112. This fixes multiple vulnerabilities, some previously committed by point patches and others newly fixed in this release. * Fix multiple vulnerabilities in the LDAP KDC back end. [CVE-2014-5354] [CVE-2014-5353] * Fix multiple kadmind vulnerabilities, some of which are based in the gssrpc library. [CVE-2014-5352 CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423] Security: CVE-2014-5354, CVE-2014-5353 Security: CVE-2014-5352, CVE-2014-5352, CVE-2014-9421 Security: CVE-2014-9422, CVE-2014-9423
-rw-r--r--security/vuxml/vuln.xml29
1 files changed, 29 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 56bbc0c157a5..3fe05fd67253 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -57,6 +57,35 @@ Notes:
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="63527d0d-b9de-11e4-8a48-206a8a720317">
+ <topic>krb5 1.12 -- New release/fix multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>krb5-112</name>
+ <range><lt>1.12.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The MIT Kerberos team announces the availability of MIT Kerberos 5 Release 1.12.3:</p>
+ <blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt">
+ <p>Fix multiple vulnerabilities in the LDAP KDC back end.
+ [CVE-2014-5354] [CVE-2014-5353]</p>
+ <p>Fix multiple kadmind vulnerabilities, some of which are based
+ in the gssrpc library. [CVE-2014-5352 CVE-2014-5352
+ CVE-2014-9421 CVE-2014-9422 CVE-2014-9423]</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://web.mit.edu/kerberos/krb5-1.12/README-1.12.3.txt</url>
+ </references>
+ <dates>
+ <discovery>2015-02-20</discovery>
+ <entry>2015-02-21</entry>
+ </dates>
+ </vuln>
+
<vuln vid="3680b234-b6f0-11e4-b7cc-d050992ecde8">
<topic>unzip -- heap based buffer overflow in iconv patch</topic>
<affects>