Hello community, here is the log from the commit of package sssd for openSUSE:Factory checked in at Wed May 4 14:46:16 CEST 2011.
-------- --- sssd/sssd.changes 2011-04-14 13:36:26.000000000 +0200 +++ /mounts/work_src_done/STABLE/sssd/sssd.changes 2011-05-04 11:23:29.000000000 +0200 @@ -1,0 +2,19 @@ +Wed May 4 09:22:20 UTC 2011 - [email protected] + +- Update to 1.5.7 + * A flaw was found in the handling of cached passwords when + kerberos renewal tickets is enabled. Due to a bug, the cached + password was overwritten with a (moderately) predictable + filename, which could allow a user to authenticate as someone + else if they knew the name of the cache file (bnc#691135, + CVE-2011-1758) +- Changes in 1.5.6: + * Fixed a serious memory leak in the memberOf plugin + * Fixed a regression with the negative cache that caused it to be + essentially nonfunctional + * Fixed an issue where the user's full name would sometimes be + removed from the cache + * Fixed an issue with password changes in the kerberos provider + not working with kpasswd + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- sssd-1.5.5.tar.bz2 New: ---- sssd-1.5.7.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sssd.spec ++++++ --- /var/tmp/diff_new_pack.QtaHON/_old 2011-05-04 14:45:45.000000000 +0200 +++ /var/tmp/diff_new_pack.QtaHON/_new 2011-05-04 14:45:45.000000000 +0200 @@ -18,7 +18,7 @@ Name: sssd -Version: 1.5.5 +Version: 1.5.7 Release: 1 Group: System/Daemons Summary: System Security Services Daemon ++++++ sssd-1.5.5.tar.bz2 -> sssd-1.5.7.tar.bz2 ++++++ ++++ 10420 lines of diff (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
