From: | tlyu@mit.edu |
Subject: | SVN Commit |
pull up r23832 from trunk
------------------------------------------------------------------------
r23832 | tlyu | 2010-03-23 14:53:52 -0400 (Tue, 23 Mar 2010) | 8 lines
ticket: 6690
target_version: 1.8.1
tags: pullup
subject: MITKRB5-SA-2010-002 CVE-2010-0628 denial of service in SPNEGO
The SPNEGO implementation in krb5-1.7 and later could crash due to
assertion failure when receiving some sorts of invalid GSS-API tokens.
https://github.com/krb5/krb5/commit/9c0f73bd27b7778435f32e8c5dbec97ffb00109e
Commit By: tlyu
Revision: 23850
Changed Files:
U branches/krb5-1-7/src/lib/gssapi/spnego/spnego_mech.c