---
- branch: netbsd-7
  date: Wed Jul 12 15:34:37 UTC 2017
  files:
  - new: 1.1.1.2.2.1
    old: 1.1.1.2
    path: src/crypto/external/bsd/heimdal/dist/lib/krb5/ticket.c
    pathrev: src/crypto/external/bsd/heimdal/dist/lib/krb5/ticket.c@1.1.1.2.2.1
    type: modified
  id: 20170712T153437Z.ebc7b0f0036b87f45c875655bd3360d1cce292fc
  log: "Pull up following revision(s) (requested by christos in ticket #1453):\n\tcrypto/external/bsd/heimdal/dist/lib/krb5/ticket.c:
    revision 1.3\n\tcrypto/external/bsd/heimdal/dist/lib/krb5/ticket.c: revision 1.4\n<a
    \ rel=\"nofollow\" href=\"https://orpheus-lyre.info/design/index.html\">https://orpheus-lyre.info/design/index.html</a>\n<a
    \ rel=\"nofollow\" href=\"https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea\">https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea</a>\nIn
    _krb5_extract_ticket() the KDC-REP service name must be obtained from\nencrypted
    version stored in 'enc_part' instead of the unencrypted version\nstored in 'ticket'.
    \ Use of the unecrypted version provides an\nopportunity for successful server
    impersonation and other attacks.\nIdentified by Jeffrey Altman, Viktor Duchovni
    and Nico Williams.\nXXX: pullup 6, 7, 8.\nfix typo.\n"
  module: src
  subject: 'CVS commit: [netbsd-7] src/crypto/external/bsd/heimdal/dist/lib/krb5'
  unixtime: '1499873677'
  user: martin