packages: krb5/krb5-CVE-2007-5901.patch (NEW), krb5/krb5-CVE-2007-5971.patc...

baggins baggins at pld-linux.org
Tue Jun 2 14:48:01 CEST 2009 

Author: baggins                      Date: Tue Jun  2 12:48:01 2009 GMT
Module: packages                      Tag: HEAD
---- Log message:
- security fix, name says it all

---- Files affected:
packages/krb5:
   krb5-CVE-2007-5901.patch (NONE -> 1.1)  (NEW), krb5-CVE-2007-5971.patch (NONE -> 1.1)  (NEW), krb5-CVE-2008-0062 (0063.patch -> NONE)  (REMOVED), 1.1 (krb5-CVE-2008-0947.patch -> NONE)  (REMOVED), 1.1 (krb5-CVE-2009-0844-0845-2.patch -> NONE)  (REMOVED), 1.1 (krb5-CVE-2009-0846.patch -> NONE)  (REMOVED), 1.1 (krb5-CVE-2009-0847.patch -> NONE)  (REMOVED)

---- Diffs:

================================================================
Index: packages/krb5/krb5-CVE-2007-5901.patch
diff -u /dev/null packages/krb5/krb5-CVE-2007-5901.patch:1.1
--- /dev/null	Tue Jun  2 14:48:01 2009
+++ packages/krb5/krb5-CVE-2007-5901.patch	Tue Jun  2 14:47:56 2009
@@ -0,0 +1,13 @@
+Patch for CVE-2007-5901, pulled from SVN per #415321.
+diff -up src/lib/gssapi/mechglue/g_initialize.c src/lib/gssapi/mechglue/g_initialize.c
+--- src/lib/gssapi/mechglue/g_initialize.c	2008-03-04 16:29:13.000000000 -0500
++++ src/lib/gssapi/mechglue/g_initialize.c	2008-03-04 16:29:16.000000000 -0500
+@@ -210,7 +210,7 @@ gss_OID_set *mechSet;
+ 				free((*mechSet)->elements[j].elements);
+ 			}
+ 			free((*mechSet)->elements);
+-			free(mechSet);
++			free(*mechSet);
+ 			*mechSet = NULL;
+ 			return (GSS_S_FAILURE);
+ 		}

================================================================
Index: packages/krb5/krb5-CVE-2007-5971.patch
diff -u /dev/null packages/krb5/krb5-CVE-2007-5971.patch:1.1
--- /dev/null	Tue Jun  2 14:48:01 2009
+++ packages/krb5/krb5-CVE-2007-5971.patch	Tue Jun  2 14:47:56 2009
@@ -0,0 +1,12 @@
+Patch for CVE-2007-5971, pulled from SVN per #415351.
+diff -up src/lib/gssapi/krb5/k5sealv3.c src/lib/gssapi/krb5/k5sealv3.c
+--- src/lib/gssapi/krb5/k5sealv3.c	2008-03-04 16:22:29.000000000 -0500
++++ src/lib/gssapi/krb5/k5sealv3.c	2008-03-04 16:22:22.000000000 -0500
+@@ -248,7 +248,6 @@ gss_krb5int_make_seal_token_v3 (krb5_con
+ 	plain.data = 0;
+ 	if (err) {
+ 	    zap(outbuf,bufsize);
+-	    free(outbuf);
+ 	    goto error;
+ 	}
+ 	if (sum.length != ctx->cksum_size)
================================================================

More information about the pld-cvs-commit mailing list