5abaf08664
When CVE-2022-3437 was fixed by changing memcmp to be a constant time and the workaround for th e compiler was to add "!=0". However the logic implmented was inverted resulting in CVE-2022-4152. Reported by: Timothy E Zingelman <zingelman _AT_ fnal.gov> MFC after: 1 day Security: CVE-2022-4152 Security: https://www.cve.org/CVERecord?id=CVE-2022-45142 Security: https://nvd.nist.gov/vuln/detail/CVE-2022-45142 Security: https://security-tracker.debian.org/tracker/CVE-2022-45142 Security: https://bugs.gentoo.org/show_bug.cgi?id=CVE-2022-45142 Security: https://bugzilla.samba.org/show_bug.cgi?id=15296 Security: https://www.openwall.com/lists/oss-security/2023/02/08/1 |
||
---|---|---|
.. | ||
asn1 | ||
com_err | ||
gssapi | ||
hdb | ||
heimdal | ||
hx509 | ||
ipc | ||
kadm5 | ||
kafs | ||
krb5 | ||
ntlm | ||
roken | ||
sl | ||
vers | ||
wind | ||
Makefile.am | ||
Makefile.in |