-
heimdal (7.8.git20221117.28daf24+dfsg-3ubuntu1) mantic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- d/rules: Disable lto, to regain dep on roken, otherwise
dependencies on amd64 are different than i386 resulting in
different files on amd64 and i386.
heimdal (7.8.git20221117.28daf24+dfsg-3) unstable; urgency=medium
* Fix random "Ticket expired" and "Clock skew too great" errors by setting
kdc_offset correctly. Closes: #1039992.
-- Steve Langasek <email address hidden> Tue, 18 Jul 2023 09:23:55 -0700
-
heimdal (7.8.git20221117.28daf24+dfsg-2ubuntu1) mantic; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/rules: Disable lto, to regain dep on roken, otherwise
dependencies on amd64 are different than i386 resulting in
different files on amd64 and i386.
heimdal (7.8.git20221117.28daf24+dfsg-2) unstable; urgency=medium
* Fix incorrect license of Debian files.
* Fix deprecated dependancies.
* gsskrb5: fix accidental logic inversions (CVE-2022-45142)
(Closes: #1030849) - change applied from NMU version
7.8.git20221117.28daf24+dfsg-1.1
* Add ro.po file. Closes: #1031897.
-- Steve Langasek <email address hidden> Tue, 02 May 2023 09:56:10 +0200
-
heimdal (7.8.git20221117.28daf24+dfsg-1ubuntu1) lunar; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/rules: Disable lto, to regain dep on roken, otherwise
dependencies on amd64 are different than i386 resulting in
different files on amd64 and i386.
(LP #1934936)
heimdal (7.8.git20221117.28daf24+dfsg-1) unstable; urgency=medium
* New upstream release.
heimdal (7.8.git20221115.a6cf945+dfsg-3) unstable; urgency=medium
* Source-only upload to enable migration to testingi (2nd attempt).
heimdal (7.8.git20221115.a6cf945+dfsg-2) unstable; urgency=medium
* Source-only upload to enable migration to testing.
heimdal (7.8.git20221115.a6cf945+dfsg-1) unstable; urgency=medium
* New upstream version.
* Numerous security fixes (Closes: #1024187).
* asn1: Invalid free in ASN.1 codec (CVE-2022-44640)
* krb5: PAC parse integer overflows (CVE-2022-42898)
* gsskrb5: Use constant-time memcmp() for arcfour unwrap (CVE-2022-3437)
* gsskrb5: Use constant-time memcmp() in unwrap_des3() (CVE-2022-3437)
* gsskrb5: Don't pass NULL pointers to memcpy() in DES unwrap
(CVE-2022-3437)
* gsskrb5: Avoid undefined behaviour in _gssapi_verify_pad()
(CVE-2022-3437)
* gsskrb5: Check the result of _gsskrb5_get_mech() (CVE-2022-3437)
* gsskrb5: Check buffer length against overflow for DES{,3} unwrap
(CVE-2022-3437)
* gsskrb5: Check for overflow in _gsskrb5_get_mech() (CVE-2022-3437)
* gsskrb5: Pass correct length to _gssapi_verify_pad() (CVE-2022-3437)
* libhx509: Fix denial of service vulnerability (CVE-2022-41916)
* spnego: send_reject when no mech selected (CVE-2021-44758)
* Fix regression in _krb5_get_int64 on 32 bit systems.
https://github.com/heimdal/heimdal/pull/1025
* Increment soname for libroken.
* Increment soname for libhcrypto.
* Remove legacy shared library version requirements.
* Add symbols to libkadm5srv8.
-- Steve Langasek <email address hidden> Tue, 24 Jan 2023 19:14:54 -0800