summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-connectivity/krb5/krb5_1.17.1.bb
Commit message (Collapse)AuthorAgeFilesLines
* krb5: CVE-2022-42898 integer overflow vulnerabilities in PAC parsingHitendra Prajapati2023-02-221-0/+1
| | | | | | | Upstream-Status: Backport from https://github.com/krb5/krb5/commit/4e661f0085ec5f969c76c0896a34322c6c432de4 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* krb5: fix CVE-2021-36222Yi Zhao2021-09-101-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: https://git.openembedded.org/meta-openembedded MR: 112165 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-connectivity/krb5?id=69087d69d01a4530e2d588036fcbeaf8856b2ff1 ChangeID: e7cdfd1c4530312b4773103cf58d322451af1421 Description: CVE-2021-36222: ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. References: https://nvd.nist.gov/vuln/detail/CVE-2021-36222 Patches from: https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 620badcbf8a59fbd2cdda6ab01c4ffba1c3ee327) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 523f6d834d2fddb0ecc73c6d7d8b1845f65f5279) [Fixup for Dunfell context] Signed-off-by: Armin Kuster <akuster@mvista.com>
* krb5: upgrade 1.17 -> 1.17.1Wang Mingyu2019-12-231-0/+192
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-07 21:47:41 +0000