git: 5d50183d2c7e - main - security/pam_krb5: Revert "security/pam_krb5: IGNORE for CVE-2023-3326"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 21 Aug 2023 19:07:03 UTC
The branch main has been updated by cy:
URL: https://cgit.FreeBSD.org/ports/commit/?id=5d50183d2c7e9ff0a7f7113702506933a6fce4b8
commit 5d50183d2c7e9ff0a7f7113702506933a6fce4b8
Author: Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2023-08-21 18:59:59 +0000
Commit: Cy Schubert <cy@FreeBSD.org>
CommitDate: 2023-08-21 19:06:59 +0000
security/pam_krb5: Revert "security/pam_krb5: IGNORE for CVE-2023-3326"
Discussing with our upstream, he is aware of CVE-2023-3326. Work to
add generalized anti-spoofing is planned. In the mean time he
recommends using FAST (anon_fast) to mitigate CVE-2023-3326. anon_fast
already includes built-in anti-spoofing.
More discussion is here:
https://github.com/rra/pam-krb5/blob/main/docs/pam_krb5.pod#L53
This reverts commit 41afd03d9c8e76fe42c555b1274fec069f83ecae.
---
security/pam_krb5/Makefile | 2 --
1 file changed, 2 deletions(-)
diff --git a/security/pam_krb5/Makefile b/security/pam_krb5/Makefile
index 6a898f6aa535..afe524587a76 100644
--- a/security/pam_krb5/Makefile
+++ b/security/pam_krb5/Makefile
@@ -14,8 +14,6 @@ LICENSE= BSD3CLAUSE GPLv1+
LICENSE_COMB= dual
LICENSE_FILE= ${WRKSRC}/LICENSE
-IGNORE= CVE-2023-3326, https://github.com/rra/pam-krb5/issues/27
-
USES= gmake libtool perl5
USE_PERL5= build