rpms/krb5/F-9 krb5.spec, 1.171, 1.172 krb5-1.6.3-spnego-crash.patch, 1.1, NONE

Nalin Dahyabhai nalin at fedoraproject.org
Tue Apr 7 18:16:58 UTC 2009


Author: nalin

Update of /cvs/extras/rpms/krb5/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14391/F-9

Modified Files:
	krb5.spec 
Removed Files:
	krb5-1.6.3-spnego-crash.patch 
Log Message:
- remove obsolete patch for CVE-2009-0845
- add patches for read overflow and null pointer dereference in the
  implementation of the SPNEGO mechanism (CVE-2009-0844, CVE-2009-0845)
- add patch for attempt to free uninitialized pointer in libkrb5
  (CVE-2009-0846)
- add patch to fix length validation bug in libkrb5 (CVE-2009-0847)



Index: krb5.spec
===================================================================
RCS file: /cvs/extras/rpms/krb5/F-9/krb5.spec,v
retrieving revision 1.171
retrieving revision 1.172
diff -u -r1.171 -r1.172
--- krb5.spec	6 Apr 2009 22:47:25 -0000	1.171
+++ krb5.spec	7 Apr 2009 18:16:27 -0000	1.172
@@ -16,7 +16,7 @@
 Summary: The Kerberos network authentication system.
 Name: krb5
 Version: 1.6.3
-Release: 15%{?dist}
+Release: 16%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -101,7 +101,9 @@
 Patch77: krb5-CVE-2007-5971.patch
 Patch78: krb5-1.6.3-lucid-acceptor.patch
 Patch79: krb5-trunk-ftp_mget_case.patch
-Patch80: krb5-1.6.3-spnego-crash.patch
+Patch81: krb5-CVE-2009-0844-0845-2.patch
+Patch82: krb5-CVE-2009-0846.patch
+Patch83: krb5-CVE-2009-0847.patch
 
 License: MIT, freely distributable.
 URL: http://web.mit.edu/kerberos/www/
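Review bot: The added Patch81, Patch82 and Patch83 lines carry no comment saying where the patch files were obtained, and the "-2" suffix on krb5-CVE-2009-0844-0845-2.patch is not explained. A one-line comment above them naming the upstream source and what the "-2" revision denotes would let a later maintainer check the files against upstream. Since Patch80 is dropped and the numbering now jumps from 79 to 81, a comment noting that 80 is intentionally retired would keep the gap from being read as a lost patch.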
@@ -232,6 +234,13 @@
 certificate.
 
 %changelog
+* Tue Apr  7 2009 Nalin Dahyabhai <nalin at redhat.com> 1.6.3-16
+- add patches for read overflow and null pointer dereference in the
+  implementation of the SPNEGO mechanism (CVE-2009-0844, CVE-2009-0845)
+- add patch for attempt to free uninitialized pointer in libkrb5
+  (CVE-2009-0846)
+- add patch to fix length validation bug in libkrb5 (CVE-2009-0847)
+
 * Mon Apr  6 2009 Nalin Dahyabhai <nalin at redhat.com>
 - pull in a couple of defuzzed patches from the F-10 version of this package,
   dropping a redundant man page patch in the process
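Review bot: The new 1.6.3-16 %changelog entry does not record the removal of krb5-1.6.3-spnego-crash.patch, although the commit log message lists "remove obsolete patch for CVE-2009-0845" as its first item. Add a matching line to this entry so that someone reading the RPM changelog can see that the earlier CVE-2009-0845 patch was removed in the same release that adds the new ones.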
@@ -1377,7 +1386,9 @@
 %patch77 -p0 -b .2007-5971
 %patch78 -p0 -b .lucid_acceptor
 %patch79 -p0 -b .ftp_mget_case
-%patch80 -p0 -b .spnego-crash
+%patch81 -p1 -b .CVE-2009-0844-0845-2
+%patch82 -p1 -b .CVE-2009-0846
+%patch83 -p1 -b .CVE-2009-0847
 cp src/krb524/README README.krb524
 gzip doc/*.ps
 
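Review bot: The added %patch81, %patch82 and %patch83 lines use -p1, while the neighbouring %patch77 to %patch79 and the removed %patch80 all use -p0. If the difference is deliberate because the new patch files carry one extra leading path component, say so in a comment next to these lines; a wrong strip level leaves %prep unable to find the files to patch, and a reader comparing the lines cannot tell whether the change was intended.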


--- krb5-1.6.3-spnego-crash.patch DELETED ---



