-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 12 Nov 2022 15:56:34 +0100
Source: heimdal
Architecture: source
Version: 7.7.0+dfsg-2+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Brian May <bam@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 996586
Changes:
 heimdal (7.7.0+dfsg-2+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * kdc: validate sname in TGS-REQ (CVE-2021-3671) (Closes: #996586)
   * Address GCC Bug 95189 memcmp wrongly stripped like strcmp
   * Fix compiler warnings and build issues
   * spnego: send_reject when no mech selected (CVE-2021-44758)
   * asn1: Invalid free in ASN.1 codec (CVE-2022-44640)
   * gsskrb5: Use constant-time memcmp() for arcfour unwrap (CVE-2022-3437)
   * gsskrb5: Use constant-time memcmp() in unwrap_des3() (CVE-2022-3437)
   * gsskrb5: Don't pass NULL pointers to memcpy() in DES unwrap (CVE-2022-3437)
   * gsskrb5: Avoid undefined behaviour in _gssapi_verify_pad() (CVE-2022-3437)
   * gsskrb5: Check the result of _gsskrb5_get_mech() (CVE-2022-3437)
   * gsskrb5: Check buffer length against overflow for DES{,3} unwrap (CVE-2022-3437)
   * gsskrb5: Check for overflow in _gsskrb5_get_mech() (CVE-2022-3437)
   * gsskrb5: Pass correct length to _gssapi_verify_pad() (CVE-2022-3437)
   * krb5: PAC parse integer overflows (CVE-2022-42898)
   * lib/wind: find_normalize read past end of array
Checksums-Sha1:
 c88a50b8a408bfbf23df07c504d811515091b95e 3767 heimdal_7.7.0+dfsg-2+deb11u1.dsc
 2b71fff4c2e4a4c8b2c6ab3e4f5dc40b26b6388f 5945252 heimdal_7.7.0+dfsg.orig.tar.xz
 7bdf0f0b5552c6fca2a958ffbf3eb182d9cfc717 147396 heimdal_7.7.0+dfsg-2+deb11u1.debian.tar.xz
Checksums-Sha256:
 667f718c4d3d99de172071fc7b801501ebf1b8b2c28972ffc6721da85660ba9f 3767 heimdal_7.7.0+dfsg-2+deb11u1.dsc
 6822c9547188b753b6325047fda9255744e4ebbbe02bb0dade78c261061fefac 5945252 heimdal_7.7.0+dfsg.orig.tar.xz
 5483d4fa6a776068181d9b01aea8c5f15910dde00d9a591c87c85d4730a5925e 147396 heimdal_7.7.0+dfsg-2+deb11u1.debian.tar.xz
Files:
 b5a2fe84736667ecf525f9dc97529e09 3767 net optional heimdal_7.7.0+dfsg-2+deb11u1.dsc
 4400de10f7a569fe14ecb2641aea341b 5945252 net optional heimdal_7.7.0+dfsg.orig.tar.xz
 42dae396b0e6f75503a23b7b8695a294 147396 net optional heimdal_7.7.0+dfsg-2+deb11u1.debian.tar.xz