K 10
svn:author
V 7
delphij
K 8
svn:date
V 27
2017-07-12T07:19:06.519977Z
K 7
svn:log
V 433
MFV r320905: Import upstream fix for CVE-2017-11103.

In _krb5_extract_ticket() the KDC-REP service name must be obtained from
encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'.  Use of the unecrypted version provides an
opportunity for successful server impersonation and other attacks.

Submitted by:	hrs
Obtained from:	Heimdal
Security:	FreeBSD-SA-17:05.heimdal
Security:	CVE-2017-11103

END