diff -Nru heimdal-7.7.0+dfsg/debian/changelog heimdal-7.7.0+dfsg/debian/changelog
--- heimdal-7.7.0+dfsg/debian/changelog 2022-10-11 17:48:22.000000000 +0000
+++ heimdal-7.7.0+dfsg/debian/changelog 2022-12-07 18:14:12.000000000 +0000
@@ -1,3 +1,13 @@
+heimdal (7.7.0+dfsg-1ubuntu1.2) focal-security; urgency=medium
+
+ * SECURITY UPDATE: out-of-bounds memory access
+ - debian/patches/CVE-2022-41916.patch: move variable assignment and
+ increment to be done later in time to prevent unintended read in
+ find_composition() in lib/wind/normalize.c.
+ - CVE-2022-41916
+
+ -- Rodrigo Figueiredo Zaiden Wed, 07 Dec 2022 15:14:12 -0300
+
 heimdal (7.7.0+dfsg-1ubuntu1.1) focal-security; urgency=medium
 
 * SECURITY UPDATE: NULL pointer dereference when handling missing sname in
diff -Nru heimdal-7.7.0+dfsg/debian/patches/CVE-2022-41916.patch heimdal-7.7.0+dfsg/debian/patches/CVE-2022-41916.patch
--- heimdal-7.7.0+dfsg/debian/patches/CVE-2022-41916.patch 1970-01-01 00:00:00.000000000 +0000
+++ heimdal-7.7.0+dfsg/debian/patches/CVE-2022-41916.patch 2022-12-07 18:14:04.000000000 +0000
@@ -0,0 +1,31 @@
+From eb87af0c2d189c25294c7daf483a47b03af80c2c Mon Sep 17 00:00:00 2001
+From: Jeffrey Altman
+Date: Wed, 17 Nov 2021 20:00:29 -0500
+Subject: [PATCH] lib/wind: find_normalize read past end of array
+
+find_normalize() can under some circumstances read one element
+beyond the input array. The contents are discarded immediately
+without further use.
+
+This change prevents the unintended read.
+
+(cherry picked from commit 357a38fc7fb582ae73f4b7f4a90a4b0b871b149e)
+
+Change-Id: Ia2759a5632d64f7fa6553f879b5bbbf43ba3513e
+---
+ lib/wind/normalize.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- heimdal-7.7.0+dfsg.orig/lib/wind/normalize.c
++++ heimdal-7.7.0+dfsg/lib/wind/normalize.c
+@@ -227,9 +227,9 @@ find_composition(const uint32_t *in, uns
+ unsigned i;
+
+ if (n % 5 == 0) {
+- cur = *in++;
+ if (in_len-- == 0)
+ return c->val;
++ cur = *in++;
+ }
+
+ i = cur >> 16;
diff -Nru heimdal-7.7.0+dfsg/debian/patches/series heimdal-7.7.0+dfsg/debian/patches/series
--- heimdal-7.7.0+dfsg/debian/patches/series 2022-10-11 17:47:51.000000000 +0000
+++ heimdal-7.7.0+dfsg/debian/patches/series 2022-12-07 18:14:00.000000000 +0000
@@ -21,3 +21,4 @@
 python3.diff
 CVE-2021-3671.patch
 CVE-2022-3116.patch
+CVE-2022-41916.patch
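Review bot: In the embedded lib/wind/normalize.c hunk, the corrected order (test `in_len-- == 0`, then `cur = *in++;`) carries no comment, so a later tidy-up could restore the one-element read past the input array without anyone noticing; I would add `/* check in_len before dereferencing in: the array may end exactly here */` above the test. The patch subject names find_normalize() while the hunk header and the changelog entry both name find_composition(), which is worth correcting in the Debian patch header so the CVE entry maps to the right function. The diffstat lists only normalize.c, so no regression test ships with the fix; an input that ends exactly at the buffer boundary, run under a memory-checking build, would cover it. find_composition() begins and ends outside the hunk, so the caller's computation of in_len cannot be checked from here.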