[ubuntu/lunar-proposed] heimdal 7.8.git20221117.28daf24+dfsg-1ubuntu1 (Accepted)
Steve Langasek
steve.langasek at ubuntu.com
Wed Jan 25 03:30:16 UTC 2023
heimdal (7.8.git20221117.28daf24+dfsg-1ubuntu1) lunar; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - d/rules: Disable lto, to regain dep on roken, otherwise
      dependencies on amd64 are different than i386 resulting in
      different files on amd64 and i386.
      (LP #1934936)

heimdal (7.8.git20221117.28daf24+dfsg-1) unstable; urgency=medium

  * New upstream release.

heimdal (7.8.git20221115.a6cf945+dfsg-3) unstable; urgency=medium

  * Source-only upload to enable migration to testing (2nd attempt).

heimdal (7.8.git20221115.a6cf945+dfsg-2) unstable; urgency=medium

  * Source-only upload to enable migration to testing.

heimdal (7.8.git20221115.a6cf945+dfsg-1) unstable; urgency=medium

  * New upstream version.
  * Numerous security fixes (Closes: #1024187).
  * asn1: Invalid free in ASN.1 codec (CVE-2022-44640)
  * krb5: PAC parse integer overflows (CVE-2022-42898)
  * gsskrb5: Use constant-time memcmp() for arcfour unwrap (CVE-2022-3437)
  * gsskrb5: Use constant-time memcmp() in unwrap_des3() (CVE-2022-3437)
  * gsskrb5: Don't pass NULL pointers to memcpy() in DES unwrap
    (CVE-2022-3437)
  * gsskrb5: Avoid undefined behaviour in _gssapi_verify_pad()
    (CVE-2022-3437)
  * gsskrb5: Check the result of _gsskrb5_get_mech() (CVE-2022-3437)
  * gsskrb5: Check buffer length against overflow for DES{,3} unwrap
    (CVE-2022-3437)
  * gsskrb5: Check for overflow in _gsskrb5_get_mech() (CVE-2022-3437)
  * gsskrb5: Pass correct length to _gssapi_verify_pad() (CVE-2022-3437)
  * libhx509: Fix denial of service vulnerability (CVE-2022-41916)
  * spnego: send_reject when no mech selected (CVE-2021-44758)
  * Fix regression in _krb5_get_int64 on 32 bit systems.
    https://github.com/heimdal/heimdal/pull/1025
  * Increment soname for libroken.
  * Increment soname for libhcrypto.
  * Remove legacy shared library version requirements.
  * Add symbols to libkadm5srv8.

Date: Tue, 24 Jan 2023 19:14:54 -0800
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/heimdal/7.8.git20221117.28daf24+dfsg-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 24 Jan 2023 19:14:54 -0800
Source: heimdal
Built-For-Profiles: noudeb
Architecture: source
Version: 7.8.git20221117.28daf24+dfsg-1ubuntu1
Distribution: lunar
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Closes: 1024187
Changes:
heimdal (7.8.git20221117.28daf24+dfsg-1ubuntu1) lunar; urgency=low
.
* Merge from Debian unstable. Remaining changes:
- d/rules: Disable lto, to regain dep on roken, otherwise
dependencies on amd64 are different than i386 resulting in
different files on amd64 and i386.
(LP #1934936)
.
heimdal (7.8.git20221117.28daf24+dfsg-1) unstable; urgency=medium
.
* New upstream release.
.
heimdal (7.8.git20221115.a6cf945+dfsg-3) unstable; urgency=medium
.
* Source-only upload to enable migration to testing (2nd attempt).
.
heimdal (7.8.git20221115.a6cf945+dfsg-2) unstable; urgency=medium
.
* Source-only upload to enable migration to testing.
.
heimdal (7.8.git20221115.a6cf945+dfsg-1) unstable; urgency=medium
.
* New upstream version.
* Numerous security fixes (Closes: #1024187).
* asn1: Invalid free in ASN.1 codec (CVE-2022-44640)
* krb5: PAC parse integer overflows (CVE-2022-42898)
* gsskrb5: Use constant-time memcmp() for arcfour unwrap (CVE-2022-3437)
* gsskrb5: Use constant-time memcmp() in unwrap_des3() (CVE-2022-3437)
* gsskrb5: Don't pass NULL pointers to memcpy() in DES unwrap
(CVE-2022-3437)
* gsskrb5: Avoid undefined behaviour in _gssapi_verify_pad()
(CVE-2022-3437)
* gsskrb5: Check the result of _gsskrb5_get_mech() (CVE-2022-3437)
* gsskrb5: Check buffer length against overflow for DES{,3} unwrap
(CVE-2022-3437)
* gsskrb5: Check for overflow in _gsskrb5_get_mech() (CVE-2022-3437)
* gsskrb5: Pass correct length to _gssapi_verify_pad() (CVE-2022-3437)
* libhx509: Fix denial of service vulnerability (CVE-2022-41916)
* spnego: send_reject when no mech selected (CVE-2021-44758)
* Fix regression in _krb5_get_int64 on 32 bit systems.
https://github.com/heimdal/heimdal/pull/1025
* Increment soname for libroken.
* Increment soname for libhcrypto.
* Remove legacy shared library version requirements.
* Add symbols to libkadm5srv8.
Original-Maintainer: Brian May <bam at debian.org>