From nobody Fri Feb 2 08:43:32 2024 X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TR8SN6tRFz58Htn for ; Fri, 2 Feb 2024 08:43:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TR8SN59hqz4kXv for ; Fri, 2 Feb 2024 08:43:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1706863412; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Y18wHGz94Z+OcA5IabrCMFwyF9XjKlowPFDDXVdZ6Lw=; b=RxispRb5TjYjoXxLwRe+FJPEuzyEqAFuJB2B+z9nCpYTSNKu8jHsltqhJFpJzZG0np+CGR zEEWTBcQ4tCb0gzWEZuNlRqUauLt6nK2KTV8yhrVF/0GCFRiRteNQp4Ek1xpm11SxPixGp njyWuSfZj5X2qSpuH+wvhVU4It/PPVg8z21wvivLuoFnz6jjXU7Tv5gN8gnpDZKq1cZRbn BTqnC9SP+QO3fnPZXn1T1pvzKimZarQUFqiUicZkfGJKxiXMgPHO3LSHFsLjmi+wX2fNaS DauG3OqIQ79yuXEch8fZ/G1BkXPkNYaTCjRo2SbUDznk4lh4n8xDAJ+gC7xqQQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1706863412; a=rsa-sha256; cv=none; b=b1kxznbFN0Uxy7ROq1tj5aFrTFYApOx02RbdDtupkdW4XFZ7ldPgYeoUPjjzveT19zrP3u 6CD+DI1u2FTW30k16Jl2LnXns3ZbfaV4hmpYtpbUMBSIMFHExApZkkHqqCfF8jkv68523O FBcxgf/eCCa/KcHOogcQsZRuO8XV46arPKCrSE7JCq11gRr/87ed00/K1+c5b8WHDO49PW HQkw+4T6X2o0seRBbYA2TYZgc2FLJslIOFum3BP69suX16OY1LIElc6y5gVjeRfHQa1lvJ xeABrBJgoPAhmEXmfKXQjy4wunaXnaXnpk0z7EQmHp/di99DSevv3Xeyei/ypg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TR8SN4FyxzNm0 for ; Fri, 2 Feb 2024 08:43:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 4128hWxf083608 for ; Fri, 2 Feb 2024 08:43:32 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 4128hWkF083607 for ports-bugs@FreeBSD.org; Fri, 2 Feb 2024 08:43:32 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 276775] security/heimdal: Update to 7.8 or newer version Date: Fri, 02 Feb 2024 08:43:32 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: thresh416@outlook.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: hrs@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter flagtypes.name Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Ports bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports-bugs@freebsd.org X-BeenThere: freebsd-ports-bugs@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D276775 Bug ID: 276775 Summary: security/heimdal: Update to 7.8 or newer version Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: hrs@FreeBSD.org Reporter: thresh416@outlook.com Assignee: hrs@FreeBSD.org Flags: maintainer-feedback?(hrs@FreeBSD.org) CVE-2020-10188 is a security vulnerability in telnetd. As https://github.com/freebsd/freebsd-src/commit/5760cb266e0ab04c221c2acdb4b6c= 4c141130ecd said, freebsd has fixed this CVE in contrib/telnet/telnetd/utility.c. Howev= er, I've found that in heimdal, which is used in ravynos to encrypt and decrypt, also uses telnetd. That is to say freebsd may still contains this security vulnerability which will result in arbitrary code execution. The file which contains vulnerable functions is crypto/heimdal/appl/telnet/telnetd/utility= .c. Update the heimdal to 7.8 or a newer verison may help to solve this, since heimdal had already remove telnet support in https://github.com/heimdal/heimdal/commit/e55b0d0ca5038a8101276a593ffbb6be4= c27c8d0. --=20 You are receiving this mail because: You are the assignee for the bug.=