Bah, upstream bugs are restricted. Details should be here: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206736 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=215443 Please don't open this bug before the upstream bugs are opened.
finally adding maintiners please provide an updated ebuild RH published an advisory about a week ago http://rhn.redhat.com/errata/RHSA-2006-0746.html http://secunia.com/advisories/23023/
Created attachment 106454 [details, diff] http://modauthkerb.cvs.sourceforge.net/modauthkerb/mod_auth_kerb/spnegokrb5/der_get.c?r1=1.1&r2=1.1.2.1 Proposed patch by UPSTREAM.
(In reply to comment #1) > finally adding maintiners > please provide an updated ebuild New revisions in the tree. Both =net-www/mod_auth_kerb-5.0_rc6-r1 and =net-www/mod_auth_kerb-5.0_rc7-r1 fix this bug.
Hello my dear prefered arch. Please test and mark stable one of these two ebuilds: =net-www/mod_auth_kerb-5.0_rc6-r1 =net-www/mod_auth_kerb-5.0_rc7-r1 , thanks in advance
>>> Emerging (2 of 2) net-www/mod_auth_kerb-5.0_rc7-r1 to / * mod_auth_kerb-5.0rc7.tar.gz MD5 ;-) ... [ ok ] * mod_auth_kerb-5.0rc7.tar.gz RMD160 ;-) ... [ ok ] * mod_auth_kerb-5.0rc7.tar.gz SHA1 ;-) ... [ ok ] * mod_auth_kerb-5.0rc7.tar.gz SHA256 ;-) ... [ ok ] * mod_auth_kerb-5.0rc7.tar.gz size ;-) ... [ ok ] * checking ebuild checksums ;-) ... [ ok ] * checking auxfile checksums ;-) ... [ ok ] * checking miscfile checksums ;-) ... [ ok ] * checking mod_auth_kerb-5.0rc7.tar.gz ;-) ... [ ok ] >>> Unpacking source... >>> Unpacking mod_auth_kerb-5.0rc7.tar.gz to /var/tmp/portage/portage/net-www/mod_auth_kerb-5.0_rc7-r1/work * Applying mod_auth_kerb-5.0-CVE-2006-5989.patch ... [ ok ] * Applying mod_auth_kerb-5.0-gcc4.patch ... [ ok ] * Applying mod_auth_kerb-5.0-axps1.patch ... * Failed Patch: mod_auth_kerb-5.0-axps1.patch ! * ( /usr/gentoo/portage/net-www/mod_auth_kerb/files/mod_auth_kerb-5.0-axps1.patch ) * * Include in your bugreport the contents of: * * /var/tmp/portage/portage/net-www/mod_auth_kerb-5.0_rc7-r1/temp/mod_auth_kerb-5.0-axps1.patch-25129.out !!! ERROR: net-www/mod_auth_kerb-5.0_rc7-r1 failed. Call stack: ebuild.sh, line 1593: Called dyn_unpack ebuild.sh, line 731: Called src_unpack mod_auth_kerb-5.0_rc7-r1.ebuild, line 43: Called epatch '/usr/gentoo/portage/net-www/mod_auth_kerb/files/mod_auth_kerb-5.0-axps1.patch' eutils.eclass, line 341: Called die !!! Failed Patch: mod_auth_kerb-5.0-axps1.patch! !!! If you need support, post the topmost build error, and the call stack if relevant.
Created attachment 106817 [details] mod_auth_kerb-5.0-axps1.patch-25129.out
Ticho, please sync again, the last commit by phreak is not OK
Created attachment 106864 [details] merge log Synced, but compilation fails. Merge log attached.
Thx ticho. phreak, your turn :)
Ticho was happy and asked me to stabilize it.
Perfet, thanks. Time to vote for a GLSA. Despite of the overflow, mitre.org only mentions a DoS. I really hesitate.
hard to decide here... but I tend to vote yes
The thing is that if you use kerberos, chances are good that it is mission-critical. Hence a "yes" from me.
Go
GLSA 200601-14, thanks everybody.