head	1.2;
access;
symbols
	pkgsrc-2015Q4:1.1.0.12
	pkgsrc-2015Q4-base:1.1
	pkgsrc-2015Q3:1.1.0.10
	pkgsrc-2015Q3-base:1.1
	pkgsrc-2015Q2:1.1.0.8
	pkgsrc-2015Q2-base:1.1
	pkgsrc-2015Q1:1.1.0.6
	pkgsrc-2015Q1-base:1.1
	pkgsrc-2014Q4:1.1.0.4
	pkgsrc-2014Q4-base:1.1
	pkgsrc-2014Q3:1.1.0.2
	pkgsrc-2014Q3-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2016.03.15.15.16.39;	author tez;	state dead;
branches;
next	1.1;
commitid	vfGyRvS5ID9EDKYy;

1.1
date	2014.08.28.22.23.05;	author tez;	state Exp;
branches;
next	;
commitid	5BjKLCUeJxm9abOx;


desc
@@


1.2
log
@Update to 1.14.1 resolving all reported vulnerabilities including:
CVE-2015-2695
CVE-2015-2696
CVE-2015-2697
CVE-2015-2698
CVE-2015-8629
CVE-2015-8630
CVE-2015-8631
@
text
@$NetBSD: patch-CVE-2014-4344,v 1.1 2014/08/28 22:23:05 tez Exp $

fix for CVE-2014-4344 from:
https://github.com/krb5/krb5/commit/a7886f0ed1277c69142b14a2c6629175a6331edc

--- lib/gssapi/spnego/spnego_mech.c
+++ lib/gssapi/spnego/spnego_mech.c
@@@@ -1442,7 +1442,7 @@@@ acc_ctx_cont(OM_uint32 *minstat,
 
 	ptr = bufstart = buf->value;
 #define REMAIN (buf->length - (ptr - bufstart))
-	if (REMAIN > INT_MAX)
+	if (REMAIN == 0 || REMAIN > INT_MAX)
 		return GSS_S_DEFECTIVE_TOKEN;
 
 	/*
@


1.1
log
@Add fixes for CVE-2014-4341, CVE-2014-4342 (same patch as CVE-2014-4341)
CVE-2014-4343, CVE-2014-4344 & MITKRB5-SA-2014-001 (CVE-2014-4345).
@
text
@d1 1
a1 1
$NetBSD$
@