heimdal 7.8.git20221115.a6cf945+dfsg-1 source package in Debian

Changelog

heimdal (7.8.git20221115.a6cf945+dfsg-1) unstable; urgency=medium

  * New upstream version.
  * Numerous security fixes (Closes: #1024187).
  * asn1: Invalid free in ASN.1 codec (CVE-2022-44640)
  * krb5: PAC parse integer overflows (CVE-2022-42898)
  * gsskrb5: Use constant-time memcmp() for arcfour unwrap (CVE-2022-3437)
  * gsskrb5: Use constant-time memcmp() in unwrap_des3() (CVE-2022-3437)
  * gsskrb5: Don't pass NULL pointers to memcpy() in DES unwrap
    (CVE-2022-3437)
  * gsskrb5: Avoid undefined behaviour in _gssapi_verify_pad()
    (CVE-2022-3437)
  * gsskrb5: Check the result of _gsskrb5_get_mech() (CVE-2022-3437)
  * gsskrb5: Check buffer length against overflow for DES{,3} unwrap
    (CVE-2022-3437)
  * gsskrb5: Check for overflow in _gsskrb5_get_mech() (CVE-2022-3437)
  * gsskrb5: Pass correct length to _gssapi_verify_pad() (CVE-2022-3437)
  * libhx509: Fix denial of service vulnerability (CVE-2022-41916)
  * spnego: send_reject when no mech selected (CVE-2021-44758)
  * Fix regression in _krb5_get_int64 on 32 bit systems.
    https://github.com/heimdal/heimdal/pull/1025
  * Increment soname for libroken.
  * Increment soname for libhcrypto.
  * Remove legacy shared library version requirements.
  * Add symbols to libkadm5srv8.

 -- Brian May <email address hidden>  Sun, 27 Nov 2022 10:44:26 +1100