The telnetd server program in Heimdal has buffer overflows in the function getterminaltype, which may lead to remote code execution. 0.6.5 and 0.7 fixes this problem.
kerberos please advise.
will fix, stay tuned
ok, so the vulnerability is valid -- I have added 0.6.5 into portage, testing for EVERYONE. I will stable amd64 in about 12 hours or so -- arch teams, please note very carefully: The following packages need to go stable *at the same time* : sys-fs/e2fsprogs (the one which rdeps on the next two) sys-libs/ss sys-libs/com_err app-crypt/mit-krb5-1.4 (which probably means db-4.2, but let's talk about that, if that's not an option).
Arches please test and mark stable not only app-crypt/heimdal but all packages mentioned in comment #3.
Stable on ppc.
I'm getting broken stuff all over the place with com_err. For instance cvs is linked against libcom_err.so.3 and sys-libs/com_err-1.37 just provides libcom_err.so
Back to ebuild status, unCC'ing arches. Seemant please advise.
revdep-rebuild after emerging libcom_err -- I will add a big fat note in the ebuild's postinst to do so.
Back to stable, arches please test and mark.
Added einfo big fat warning to mit-krb5 too. Fixed USE=krb4 for heimdal since it didn't build no matter the arch. Now sparc stable.
stable on x86 and amd64. mips, hppa, ia64 and alpha: you guys are up!
Stable on hppa.
Alpha + ia64 stable.
all important arches marked stable, mips promised to follow in one or two days. glsa is already drafted and reviewed, just needs sending.
Thx everyone. GLSA 200506-24 mips please remember to mark stable to benifit from the GLSA.
mips stable.