It was reported that if a KDC serves multiple realms, certain requests could cause the setup_server_realm() function to dereference a null pointer, resulting in a crash of the KDC (Key Distribution Center). This can be triggered by an unauthenticated user.
This has been corrected in git.
+*mit-krb5-1.11.4 (09 Nov 2013)
+ 09 Nov 2013; Eray Aslan <firstname.lastname@example.org> +mit-krb5-1.11.4.ebuild:
+ Security bump - bug #490668
@security: Please stabilise =app-crypt/mit-krb5-1.11.4. Thank you.
Arches, please test and mark stable:
Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Stable for HPPA.
Maintainer(s), please cleanup.
Security, please vote.
Maintainer(s), thank you for cleanup.
Added to existing request.
The setup_server_realm function in main.c in the Key Distribution Center
(KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are
configured, allows remote attackers to cause a denial of service (NULL
pointer dereference and daemon crash) via a crafted request.
GLSA vote: yes.
Whoops, didn't see that I had already added this. Fail.
This issue was resolved and addressed in
GLSA 201312-12 at http://security.gentoo.org/glsa/glsa-201312-12.xml
by GLSA coordinator Sergey Popov (pinkbyte).