CVS: cvs.openbsd.org: ports

Robert Nagy Wed, 16 Nov 2022 00:47:45 -0800

CVSROOT:        /cvs
Module name:    ports
Changes by:     rob...@cvs.openbsd.org  2022/11/16 01:47:38


Modified files:
        security/heimdal: Makefile distinfo 
        security/heimdal/patches: patch-lib_hx509_softp11_c 
                                  patch-lib_krb5_krb5_h 
        security/heimdal/pkg: PLIST-devel-docs PLIST-libs 
Removed files:
        security/heimdal/patches: patch-lib_hdb_hdb-mitdb_c 

Log message:
security update to 7.8.0; fixes several CVEs:

CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec

ok aja@

CVS: cvs.openbsd.org: ports

Reply via email to