===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.494
retrieving revision 1.495
diff -u -r1.494 -r1.495
--- www/errata.html 2004/05/27 18:32:06 1.494
+++ www/errata.html 2004/05/30 22:40:51 1.495
@@ -56,6 +56,22 @@
All architectures
+-
+008: SECURITY FIX: May 30,
+2004
+A flaw in the Kerberos V kdc(8)
+server could result in the administrator of a Kerberos realm having
+the ability to impersonate any principal in any other realm which
+has established a cross-realm trust with their realm. The flaw is due to
+inadequate checking of the "transited" field in a Kerberos request. For
+more details see
+Heimdal's announcement.
+
+
+A source code patch exists which remedies this problem.
+
-
008: SECURITY FIX: May 26,
2004
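Review bot: The added entry is numbered 008, and the unchanged entry directly below it (May 26, 2004) is also shown as 008, so the list would carry two errata with the same number; confirm the numbering of one of the two before this goes in. On the wording, the text limits the impact to realms "which has established a cross-realm trust with their realm"; consider saying outright that sites with no cross-realm trust configured are not exposed, so single-realm administrators can triage without reading the linked announcement.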
@@ -246,7 +262,7 @@
www@openbsd.org
-
$OpenBSD: errata.html,v 1.494 2004/05/27 18:32:06 matthieu Exp $
+
$OpenBSD: errata.html,v 1.495 2004/05/30 22:40:51 beck Exp $