Hello community,

here is the log from the commit of package krb5-appl for openSUSE:Factory 
checked in at 2012-01-27 15:20:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/krb5-appl (Old)
 and      /work/SRC/openSUSE:Factory/.krb5-appl.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "krb5-appl", Maintainer is ""

Changes:
--------
--- /work/SRC/openSUSE:Factory/krb5-appl/krb5-appl.changes      2011-12-26 
16:28:27.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.krb5-appl.new/krb5-appl.changes 2012-01-27 
15:21:21.000000000 +0100
@@ -1,0 +2,7 @@
+Fri Jan 27 11:13:30 CET 2012 - [email protected]
+
+- update to version 1.0.3
+  * Fixed a remote code execution in ktelnetd
+   (CVE-2011-4862 / bnc#738632)
+
+-------------------------------------------------------------------

Old:
----
  krb5-appl-1.0.2.tar.bz2

New:
----
  krb5-appl-1.0.3.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ krb5-appl.spec ++++++
--- /var/tmp/diff_new_pack.AwH4uf/_old  2012-01-27 15:21:23.000000000 +0100
+++ /var/tmp/diff_new_pack.AwH4uf/_new  2012-01-27 15:21:23.000000000 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package krb5-appl
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -15,7 +15,8 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
-%define srcRoot krb5-appl-1.0.2/
+
+%define srcRoot krb5-appl-1.0.3/
 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
 %define krb5docdir  %{_defaultdocdir}/krb5
 
@@ -25,7 +26,7 @@
 BuildRequires:  krb5-devel
 BuildRequires:  libcom_err-devel
 BuildRequires:  ncurses-devel
-Version:        1.0.2
+Version:        1.0.3
 Release:        0
 Summary:        MIT Kerberos5 Implementation--Applications
 License:        MIT

++++++ krb5-appl-1.0.2.tar.bz2 -> krb5-appl-1.0.3.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/krb5-appl-1.0.2/telnet/libtelnet/encrypt.c 
new/krb5-appl-1.0.3/telnet/libtelnet/encrypt.c
--- old/krb5-appl-1.0.2/telnet/libtelnet/encrypt.c      2009-11-05 
21:15:06.000000000 +0100
+++ new/krb5-appl-1.0.3/telnet/libtelnet/encrypt.c      2011-12-27 
18:12:32.000000000 +0100
@@ -757,6 +757,9 @@
        int dir = kp->dir;
        register int ret = 0;
 
+       if (len > MAXKEYLEN)
+               len = MAXKEYLEN;
+
        if (!(ep = (*kp->getcrypt)(*kp->modep))) {
                if (len == 0)
                        return;
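Review bot: The guard added at the top of this function bounds `len` only from above and shortens an oversized key id silently, so a peer that sends more than MAXKEYLEN bytes is still processed with a truncated id and nothing is logged. The declaration of `len` and the rest of the function body are outside the hunk; if `len` is a signed type, a negative value also passes this check. If dropping the request is acceptable for the protocol, consider rejecting both cases up front with `if (len < 0 || len > MAXKEYLEN) return;`, or at least log when truncation happens. A short comment such as `/* len is peer-supplied; it must never exceed MAXKEYLEN before the key id is stored */` would record why the check exists, since the copy it presumably protects is not next to it.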
