freebsd-dev

History

Cy Schubert 5abaf08664 heimdal: Fix CVE-2022-4152, signature validation error When CVE-2022-3437 was fixed by changing memcmp to be a constant time and the workaround for th e compiler was to add "!=0". However the logic implmented was inverted resulting in CVE-2022-4152. Reported by: Timothy E Zingelman <zingelman _AT_ fnal.gov> MFC after: 1 day Security: CVE-2022-4152 Security: https://www.cve.org/CVERecord?id=CVE-2022-45142 Security: https://nvd.nist.gov/vuln/detail/CVE-2022-45142 Security: https://security-tracker.debian.org/tracker/CVE-2022-45142 Security: https://bugs.gentoo.org/show_bug.cgi?id=CVE-2022-45142 Security: https://bugzilla.samba.org/show_bug.cgi?id=15296 Security: https://www.openwall.com/lists/oss-security/2023/02/08/1		2023-03-09 17:18:49 -08:00
..
asn1	heimdal: Fix: Too large time skew, client time 1970-01-01T01:00:00	2022-11-17 09:29:17 -08:00
com_err
gssapi	heimdal: Fix CVE-2022-4152, signature validation error	2023-03-09 17:18:49 -08:00
hdb	heimdal: Fix multiple security vulnerabilities	2022-11-15 13:12:37 -08:00
heimdal
hx509	heimdal: Fix multiple security vulnerabilities	2022-11-15 13:12:37 -08:00
ipc	heimdal: Fix multiple security vulnerabilities	2022-11-15 13:12:37 -08:00
kadm5	heimdal: Resolve hdb_free_entry() SIGSEGV/SIGILL	2023-02-08 15:08:54 -08:00
kafs	heimdal: Fix multiple security vulnerabilities	2022-11-15 13:12:37 -08:00
krb5	Revert "heimdal: Fix bus fault when zero-length request received"	2022-12-09 06:09:54 -08:00
ntlm
roken	heimdal: Fix multiple security vulnerabilities	2022-11-15 13:12:37 -08:00
sl
vers
wind	heimdal: Fix multiple security vulnerabilities	2022-11-15 13:12:37 -08:00
Makefile.am
Makefile.in