Now
netbsd-7 commitmail json YAML
Pull up following revision(s) (requested by christos in ticket #1453):
crypto/external/bsd/heimdal/dist/lib/krb5/ticket.c: revision 1.3
crypto/external/bsd/heimdal/dist/lib/krb5/ticket.c: revision 1.4
<a rel="nofollow" href="https://orpheus-lyre.info/design/index.html">https://orpheus-lyre.info/design/index.html</a>
<a rel="nofollow" href="https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea">https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea</a>
In _krb5_extract_ticket() the KDC-REP service name must be obtained from
encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'. Use of the unecrypted version provides an
opportunity for successful server impersonation and other attacks.
Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
XXX: pullup 6, 7, 8.
fix typo.
crypto/external/bsd/heimdal/dist/lib/krb5/ticket.c: revision 1.3
crypto/external/bsd/heimdal/dist/lib/krb5/ticket.c: revision 1.4
<a rel="nofollow" href="https://orpheus-lyre.info/design/index.html">https://orpheus-lyre.info/design/index.html</a>
<a rel="nofollow" href="https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea">https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea</a>
In _krb5_extract_ticket() the KDC-REP service name must be obtained from
encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'. Use of the unecrypted version provides an
opportunity for successful server impersonation and other attacks.
Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
XXX: pullup 6, 7, 8.
fix typo.