• Accepted heimdal 7.7.0+dfsg-2+deb11u1 (source) into proposed-updates

    From Debian FTP Masters@21:1/5 to All on Wed Nov 23 22:20:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Sat, 12 Nov 2022 15:56:34 +0100
    Source: heimdal
    Architecture: source
    Version: 7.7.0+dfsg-2+deb11u1
    Distribution: bullseye-security
    Urgency: high
    Maintainer: Brian May <bam@debian.org>
    Changed-By: Salvatore Bonaccorso <carnil@debian.org>
    Closes: 996586
    Changes:
    heimdal (7.7.0+dfsg-2+deb11u1) bullseye-security; urgency=high
    .
    * Non-maintainer upload by the Security Team.
    * kdc: validate sname in TGS-REQ (CVE-2021-3671) (Closes: #996586)
    * Address GCC Bug 95189 memcmp wrongly stripped like strcmp
    * Fix compiler warnings and build issues
    * spnego: send_reject when no mech selected (CVE-2021-44758)
    * asn1: Invalid free in ASN.1 codec (CVE-2022-44640)
    * gsskrb5: Use constant-time memcmp() for arcfour unwrap (CVE-2022-3437)
    * gsskrb5: Use constant-time memcmp() in unwrap_des3() (CVE-2022-3437)
    * gsskrb5: Don't pass NULL pointers to memcpy() in DES unwrap (CVE-2022-3437)
    * gsskrb5: Avoid undefined behaviour in _gssapi_verify_pad() (CVE-2022-3437)
    * gsskrb5: Check the result of _gsskrb5_get_mech() (CVE-2022-3437)
    * gsskrb5: Check buffer length against overflow for DES{,3} unwrap (CVE-2022-3437)
    * gsskrb5: Check for overflow in _gsskrb5_get_mech() (CVE-2022-3437)
    * gsskrb5: Pass correct length to _gssapi_verify_pad() (CVE-2022-3437)
    * krb5: PAC parse integer overflows (CVE-2022-42898)
    * lib/wind: find_normalize read past end of array
    Checksums-Sha1:
    c88a50b8a408bfbf23df07c504d811515091b95e 3767 heimdal_7.7.0+dfsg-2+deb11u1.dsc
    2b71fff4c2e4a4c8b2c6ab3e4f5dc40b26b6388f 5945252 heimdal_7.7.0+dfsg.orig.tar.xz
    7bdf0f0b5552c6fca2a958ffbf3eb182d9cfc717 147396 heimdal_7.7.0+dfsg-2+deb11u1.debian.tar.xz
    Checksums-Sha256:
    667f718c4d3d99de172071fc7b801501ebf1b8b2c28972ffc6721da85660ba9f 3767 heimdal_7.7.0+dfsg-2+deb11u1.dsc
    6822c9547188b753b6325047fda9255744e4ebbbe02bb0dade78c261061fefac 5945252 heimdal_7.7.0+dfsg.orig.tar.xz
    5483d4fa6a776068181d9b01aea8c5f15910dde00d9a591c87c85d4730a5925e 147396 heimdal_7.7.0+dfsg-2+deb11u1.debian.tar.xz
    Files:
    b5a2fe84736667ecf525f9dc97529e09 3767 net optional heimdal_7.7.0+dfsg-2+deb11u1.dsc
    4400de10f7a569fe14ecb2641aea341b 5945252 net optional heimdal_7.7.0+dfsg.orig.tar.xz
    42dae396b0e6f75503a23b7b8695a294 147396 net optional heimdal_7.7.0+dfsg-2+deb11u1.debian.tar.xz

    -----BEGIN PGP SIGNATURE-----

    -----END PGP SIGNATURE-----

    * Origin: fsxNet Usenet Gateway (21:1/5)