Date: Tue, 30 May 2017 15:42:39 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 219657] security/heimdal: not marked vulnerable, below 7.3 vulnerable - CVE-2017-6594 Message-ID: <bug-219657-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D219657 Bug ID: 219657 Summary: security/heimdal: not marked vulnerable, below 7.3 vulnerable - CVE-2017-6594 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: hrs@FreeBSD.org Reporter: prj@rootwyrm.com Assignee: hrs@FreeBSD.org Flags: maintainer-feedback?(hrs@FreeBSD.org) Heimdal 7.1 is vulnerable to CVE-2017-6594 - may permit bypass of capath policy. This has been addressed in Heimdal 7.3.0. https://www.h5l.org/advisories.html?show=3D2017-04-13 Additionally, MASTER_SITES is now out of date - Heimdal is now distributed = via github releases. https://www.h5l.org/sources.html https://github.com/heimdal/heimdal/releases Attempted to pull it up straight, but patches are not applying cleanly, so additional work will be needed. Makefile and distinfo patch provided here (= but I may have gotten MASTER_SITES wrong.) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-219657-13>