freebsd-nq/crypto
Xin LI 49426905b3 MFV r320905: Import upstream fix for CVE-2017-11103.
In _krb5_extract_ticket() the KDC-REP service name must be obtained from
encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'.  Use of the unecrypted version provides an
opportunity for successful server impersonation and other attacks.

Submitted by:	hrs
Obtained from:	Heimdal
Security:	FreeBSD-SA-17:05.heimdal
Security:	CVE-2017-11103
2017-07-12 07:19:06 +00:00
..
heimdal MFV r320905: Import upstream fix for CVE-2017-11103. 2017-07-12 07:19:06 +00:00
openssh Refine and update blacklist support in sshd 2017-05-12 15:20:12 +00:00
openssl Merge OpenSSL 1.0.2l. 2017-05-25 20:52:16 +00:00
README

$FreeBSD$

This directory is for the EXACT same use as src/contrib, except it
holds crypto sources.  In other words, this holds raw sources obtained
from various third party vendors, with FreeBSD patches applied.  No
compilation is done from this directory, it is all done from the
src/secure directory.  The separation between src/contrib and src/crypto
is the result of an old USA law, which made these sources export
controlled, so they had to be kept separate.