---
- branch: MAIN
  date: Mon Mar 10 00:58:51 UTC 2014
  files:
  - new: '1.13'
    old: '1.12'
    path: pkgsrc/security/oath-toolkit/Makefile
    pathrev: pkgsrc/security/oath-toolkit/Makefile@1.13
    type: modified
  - new: '1.10'
    old: '1.9'
    path: pkgsrc/security/oath-toolkit/distinfo
    pathrev: pkgsrc/security/oath-toolkit/distinfo@1.10
    type: modified
  id: 20140310T005851Z.bf2f139fdc1c8f43c33598167897cc717a27aa0c
  log: |
    Version 2.4.1 (released 2014-02-12)

    * liboath: Fix usersfile bug that caused it to update the wrong line.
    When an usersfile contain multiple lines for the same user but with an
    unparseable token type (e.g., HOTP vs TOTP), the code would update the
    wrong line of the file.  Since the then updated line could be a
    commented out line, this can lead to the same OTP being accepted
    multiple times which is a security vulnerability. CVE-2013-7322
    CVs: ----------------------------------------------------------------------
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/security/oath-toolkit'
  unixtime: '1394413131'
  user: pettai