Diffstat (limited to 'krb5.spec')
-rw-r--r-- | krb5.spec | 21 |
1 files changed, 20 insertions, 1 deletions
@@ -16,7 +16,7 @@ Summary: The Kerberos network authentication system. Name: krb5 Version: 1.6.3 -Release: 9%{?dist} +Release: 10%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar Source0: krb5-%{version}.tar.gz @@ -96,6 +96,10 @@ Patch70: krb5-trunk-kpasswd_tcp2.patch Patch71: krb5-1.6.2-dirsrv-accountlock.patch Patch72: krb5-1.6.3-ftp_fdleak.patch Patch73: krb5-1.6.3-ftp_glob_runique.patch +Patch74: krb5-CVE-2008-0062,0063.patch +Patch75: krb5-CVE-2008-0947.patch +Patch76: krb5-CVE-2007-5901.patch +Patch77: krb5-CVE-2007-5971.patch License: MIT, freely distributable. URL: http://web.mit.edu/kerberos/www/ @@ -226,6 +230,17 @@ to obtain initial credentials from a KDC using a private key and a certificate. %changelog +* Tue Mar 18 2008 Nalin Dahyabhai <nalin@redhat.com> 1.6.3-10 +- add fixes from MITKRB5-SA-2008-001 for use of null or dangling pointer + when v4 compatibility is enabled on the KDC (CVE-2008-0062, CVE-2008-0063, + #432620, #432621) +- add fixes from MITKRB5-SA-2008-002 for array out-of-bounds accesses when + high-numbered descriptors are used (CVE-2008-0947, #433596) +- add backport bug fix for an attempt to free non-heap memory in + libgssapi_krb5 (CVE-2007-5901, #415321) +- add backport bug fix for a double-free in out-of-memory situations in + libgssapi_krb5 (CVE-2007-5971, #415351) + * Tue Mar 18 2008 Nalin Dahyabhai <nalin@redhat.com> 1.6.3-9 - rework file labeling patch to not depend on fragile preprocessor trickery, in another attempt at fixing #428355 and friends @@ -1330,6 +1345,10 @@ popd %patch71 -p1 -b .dirsrv-accountlock %patch72 -p1 -b .ftp_fdleak %patch73 -p1 -b .ftp_glob_runique +%patch74 -p0 -b .2008-0062,0063 +%patch75 -p0 -b .2008-0947 +%patch76 -p0 -b .2007-5901 +%patch77 -p0 -b .2007-5971 cp src/krb524/README README.krb524 gzip doc/*.ps |
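Review bot: Patch74 through Patch77, added in the second hunk after Patch73, are declared without any comment recording where they came from, so the only link to the advisories is the %changelog entry. I would add a one-line comment above each, for example `# MITKRB5-SA-2008-001 (CVE-2008-0062, CVE-2008-0063)` above Patch74, `# MITKRB5-SA-2008-002 (CVE-2008-0947)` above Patch75, and `# backported bug fix, libgssapi_krb5` above Patch76 and Patch77. Whoever rebases to a newer tarball can then check each fix against the new upstream source and drop it deliberately rather than by guesswork.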
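Review bot: The `%patch74` to `%patch77` lines in the last hunk apply with `-p0`, while `%patch71` to `%patch73` directly above use `-p1`, and nothing in the spec says why the strip level differs. If these patches are kept in the form they were published in (an inference, since the patch files are not part of this diff), a comment such as `# security patches kept as published, paths relative to the top of the source tree` above `%patch74` would stop a later cleanup from changing the level. Because these are security fixes, it is also worth confirming in the build log that each one applied with no fuzz or offset, since a hunk that lands in the wrong place can leave the vulnerable code unchanged while the build still succeeds. The %prep section this hunk sits in starts and ends outside the hunk.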