svn commit: r378910 - head/security/vuxml
Ryan Steinmetz
zi at FreeBSD.org
Fri Feb 13 01:55:35 UTC 2015
Author: zi
Date: Fri Feb 13 01:55:33 2015
New Revision: 378910
URL: https://svnweb.freebsd.org/changeset/ports/378910
QAT: https://qat.redports.org/buildarchive/r378910/
Log:
- Correct errors in previous commit to resolve build
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri Feb 13 01:48:14 2015 (r378909)
+++ head/security/vuxml/vuln.xml Fri Feb 13 01:55:33 2015 (r378910)
@@ -66,29 +66,31 @@ Notes:
</package>
<package>
<name>krb5-112</name>
+ <range><gt>0</gt></range>
</package>
<package>
<name>krb5-111</name>
+ <range><gt>0</gt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SO-AND-SO reports:</p>
<blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt">
- <p>CVE-2014-5353: The krb5_ldap_get_password_policy_from_dn
- function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in
- MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP,
- allows remote authenticated users to cause a denial of service
- (daemon crash) via a successful LDAP query with no results, as
- demonstrated by using an incorrect object type for a password
- policy.</p>
- <p>CVE-2014-5354: plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in
- MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when
- the KDC uses LDAP, allows remote authenticated users to cause a
- denial of service (NULL pointer dereference and daemon crash) by
- creating a database entry for a keyless principal, as
- demonstrated by a kadmin "add_principal -nokey" or "purgekeys
- -all" command.<p>
+ <p>CVE-2014-5353: The krb5_ldap_get_password_policy_from_dn
+ function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in
+ MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP,
+ allows remote authenticated users to cause a denial of service
+ (daemon crash) via a successful LDAP query with no results, as
+ demonstrated by using an incorrect object type for a password
+ policy.</p>
+ <p>CVE-2014-5354: plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in
+ MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when
+ the KDC uses LDAP, allows remote authenticated users to cause a
+ denial of service (NULL pointer dereference and daemon crash) by
+ creating a database entry for a keyless principal, as
+ demonstrated by a kadmin "add_principal -nokey" or "purgekeys
+ -all" command.</p>
</blockquote>
</body>
</description>
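Review bot: The <range><gt>0</gt></range> added for krb5-112 and krb5-111 has no upper bound, so every version of those two packages, including any later one that carries the fixes, will be flagged as vulnerable; add an <lt> bound for each package once a fixed version is known. The quoted advisory text also limits CVE-2014-5354 to 1.12.x and 1.13.x, so krb5-111 is covered by this entry on CVE-2014-5353 alone, which may be worth stating in the entry. In the same hunk, the context line <p>SO-AND-SO reports:</p> is still the template placeholder and should name the source of the cited advisory. The log message would be more useful if it said what was corrected, namely the unclosed <p> after the "-all" command sentence and the missing <range> elements.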
@@ -101,6 +103,7 @@ Notes:
<entry>2015-02-12</entry>
</dates>
</vuln>
+
<vuln vid="54a69cf7-b2ef-11e4-b1f1-bcaec565249c">
<topic>xorg-server -- Information leak in the XkbSetGeometry request of X servers.</topic>
<affects>