diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index a5aadbdf0d..9f761f4ff7 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,2611 +1,2615 @@
# Sort advisories by year, month and day
# $FreeBSD$
+[[advisories]]
+name = "FreeBSD-SA-22:14.heimdal"
+date = "2022-11-15"
+
[[advisories]]
name = "FreeBSD-SA-22:13.zlib"
date = "2022-08-30"
[[advisories]]
name = "FreeBSD-SA-22:12.lib9p"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:11.vm"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:10.aio"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:09.elf"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:08.zlib"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:07.wifi_meshid"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:06.ioctl"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:05.bhyve"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:04.netmap"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:03.openssl"
date = "2022-03-15"
[[advisories]]
name = "FreeBSD-SA-22:02.wifi"
date = "2022-03-15"
[[advisories]]
name = "FreeBSD-SA-22:01.vt"
date = "2022-01-11"
[[advisories]]
name = "FreeBSD-SA-21:17.openssl"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:16.openssl"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:15.libfetch"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:14.ggatec"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:13.bhyve"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:12.libradius"
date = "2021-05-26"
[[advisories]]
name = "FreeBSD-SA-21:11.smap"
date = "2021-05-26"
[[advisories]]
name = "FreeBSD-SA-21:10.jail_mount"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:09.accept_filter"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:08.vm"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:07.openssl"
date = "2021-03-25"
[[advisories]]
name = "FreeBSD-SA-21:06.xen"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:05.jail_chdir"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:04.jail_remove"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:03.pam_login_access"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:02.xenoom"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-21:01.fsdisclosure"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-20:33.openssl"
date = "2020-12-08"
[[advisories]]
name = "FreeBSD-SA-20:32.rtsold"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:31.icmp6"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:30.ftpd"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:29.bhyve_svm"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:28.bhyve_vmcs"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:27.ure"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:26.dhclient"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:25.sctp"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:24.ipv6"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:23.sendmsg"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:22.sqlite"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:21.usb_net"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:20.ipv6"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:19.unbound"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:18.posix_spawnp"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:17.usb"
date = "2020-06-09"
[[advisories]]
name = "FreeBSD-SA-20:16.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:15.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:14.sctp"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:13.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:12.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:11.openssl"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:10.ipfw"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:09.ntp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:08.jail"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:07.epair"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:06.if_ixl_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:05.if_oce_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:04.tcp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:03.thrmisc"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:02.ipsec"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:01.libfetch"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-19:26.mcu"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:25.mcepsc"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:24.mqueuefs"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:23.midi"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:22.mbuf"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:21.bhyve"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:20.bsnmp"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:19.mldv2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:18.bzip2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:17.fd"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:16.bhyve"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:15.mqueuefs"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:14.freebsd32"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:13.pts"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:12.telnet"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:11.cd_ioctl"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:10.ufs"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:09.iconv"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:08.rack"
date = "2019-06-19"
[[advisories]]
name = "FreeBSD-SA-19:07.mds"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:06.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:05.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:04.ntp"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:03.wpa"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:02.fd"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-19:01.syscall"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-18:15.bootpd"
date = "2018-12-19"
[[advisories]]
name = "FreeBSD-SA-18:14.bhyve"
date = "2018-12-04"
[[advisories]]
name = "FreeBSD-SA-18:13.nfs"
date = "2018-11-27"
[[advisories]]
name = "FreeBSD-SA-18:12.elf"
date = "2018-09-12"
[[advisories]]
name = "FreeBSD-SA-18:11.hostapd"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:10.ip"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:09.l1tf"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:08.tcp"
date = "2018-08-06"
[[advisories]]
name = "FreeBSD-SA-18:07.lazyfpu"
date = "2018-06-21"
[[advisories]]
name = "FreeBSD-SA-18:06.debugreg"
date = "2018-05-08"
[[advisories]]
name = "FreeBSD-SA-18:05.ipsec"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:04.vt"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:03.speculative_execution"
date = "2018-03-14"
[[advisories]]
name = "FreeBSD-SA-18:02.ntp"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-18:01.ipsec"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-17:12.openssl"
date = "2017-12-09"
[[advisories]]
name = "FreeBSD-SA-17:11.openssl"
date = "2017-11-29"
[[advisories]]
name = "FreeBSD-SA-17:10.kldstat"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:09.shm"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:08.ptrace"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:07.wpa"
date = "2017-10-17"
[[advisories]]
name = "FreeBSD-SA-17:06.openssh"
date = "2017-08-10"
[[advisories]]
name = "FreeBSD-SA-17:05.heimdal"
date = "2017-07-12"
[[advisories]]
name = "FreeBSD-SA-17:04.ipfilter"
date = "2017-04-27"
[[advisories]]
name = "FreeBSD-SA-17:03.ntp"
date = "2017-04-12"
[[advisories]]
name = "FreeBSD-SA-17:02.openssl"
date = "2017-02-23"
[[advisories]]
name = "FreeBSD-SA-17:01.openssh"
date = "2017-01-11"
[[advisories]]
name = "FreeBSD-SA-16:39.ntp"
date = "2016-12-22"
[[advisories]]
name = "FreeBSD-SA-16:38.bhyve"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:37.libc"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:36.telnetd"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:35.openssl"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:34.bind"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:33.openssh"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:32.bhyve"
date = "2016-10-25"
[[advisories]]
name = "FreeBSD-SA-16:31.libarchive"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:30.portsnap"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:29.bspatch"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:28.bind"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:27.openssl"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:26.openssl"
date = "2016-09-23"
[[advisories]]
name = "FreeBSD-SA-16:25.bspatch"
date = "2016-07-25"
[[advisories]]
name = "FreeBSD-SA-16:24.ntp"
date = "2016-06-04"
[[advisories]]
name = "FreeBSD-SA-16:23.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:22.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:21.43bsd"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:20.linux"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:19.sendmsg"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:18.atkbd"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:17.openssl"
date = "2016-05-04"
[[advisories]]
name = "FreeBSD-SA-16:16.ntp"
date = "2016-04-29"
[[advisories]]
name = "FreeBSD-SA-16:15.sysarch"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:14.openssh"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:13.bind"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:12.openssl"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:11.openssl"
date = "2016-01-30"
[[advisories]]
name = "FreeBSD-SA-16:10.linux"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:09.ntp"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:08.bind"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:07.openssh"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:06.bsnmpd"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:05.tcp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:04.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:03.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:02.ntp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:01.sctp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-15:27.bind"
date = "2015-12-16"
[[advisories]]
name = "FreeBSD-SA-15:26.openssl"
date = "2015-12-06"
[[advisories]]
name = "FreeBSD-SA-15:25.ntp"
date = "2015-10-26"
[[advisories]]
name = "FreeBSD-SA-15:24.rpcbind"
date = "2015-09-29"
[[advisories]]
name = "FreeBSD-SA-15:23.bind"
date = "2015-09-02"
[[advisories]]
name = "FreeBSD-SA-15:22.openssh"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:21.amd64"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:20.expat"
date = "2015-08-18"
[[advisories]]
name = "FreeBSD-SA-15:19.routed"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:18.bsdpatch"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:17.bind"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:16.openssh"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:15.tcp"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:14.bsdpatch"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:13.tcp"
date = "2015-07-21"
[[advisories]]
name = "FreeBSD-SA-15:12.openssl"
date = "2015-07-09"
[[advisories]]
name = "FreeBSD-SA-15:11.bind"
date = "2015-07-07"
[[advisories]]
name = "FreeBSD-SA-15:10.openssl"
date = "2015-06-12"
[[advisories]]
name = "FreeBSD-SA-15:09.ipv6"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:08.bsdinstall"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:07.ntp"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:06.openssl"
date = "2015-03-19"
[[advisories]]
name = "FreeBSD-SA-15:05.bind"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:04.igmp"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:03.sctp"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:02.kmem"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:01.openssl"
date = "2015-01-14"
[[advisories]]
name = "FreeBSD-SA-14:31.ntp"
date = "2014-12-23"
[[advisories]]
name = "FreeBSD-SA-14:30.unbound"
date = "2014-12-17"
[[advisories]]
name = "FreeBSD-SA-14:29.bind"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:28.file"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:27.stdio"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:26.ftp"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:25.setlogin"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:24.sshd"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:23.openssl"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:22.namei"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:21.routed"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:20.rtsold"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:19.tcp"
date = "2014-09-16"
[[advisories]]
name = "FreeBSD-SA-14:18.openssl"
date = "2014-09-09"
[[advisories]]
name = "FreeBSD-SA-14:17.kmem"
date = "2014-07-08"
[[advisories]]
name = "FreeBSD-SA-14:16.file"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:15.iconv"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:14.openssl"
date = "2014-06-05"
[[advisories]]
name = "FreeBSD-SA-14:13.pam"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:12.ktrace"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:11.sendmail"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:10.openssl"
date = "2014-05-13"
[[advisories]]
name = "FreeBSD-SA-14:09.openssl"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:08.tcp"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:07.devfs"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:06.openssl"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:05.nfsserver"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:04.bind"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:03.openssl"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:02.ntpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:01.bsnmpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-13:14.openssh"
date = "2013-11-19"
[[advisories]]
name = "FreeBSD-SA-13:13.nullfs"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:12.ifioctl"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:11.sendfile"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:10.sctp"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:09.ip_multicast"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:08.nfsserver"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:07.bind"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:06.mmap"
date = "2013-06-18"
[[advisories]]
name = "FreeBSD-SA-13:05.nfsserver"
date = "2013-04-29"
[[advisories]]
name = "FreeBSD-SA-13:04.bind"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:03.openssl"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:02.libc"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-13:01.bind"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-12:08.linux"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:07.hostapd"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:06.bind"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:05.bind"
date = "2012-08-06"
[[advisories]]
name = "FreeBSD-SA-12:04.sysret"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:03.bind"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:02.crypt"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-12:01.openssl"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-11:10.pam"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:09.pam_ssh"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:08.telnetd"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:07.chroot"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:06.bind"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:05.unix"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:04.compress"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:03.bind"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:02.bind"
date = "2011-05-28"
[[advisories]]
name = "FreeBSD-SA-11:01.mountd"
date = "2011-04-20"
[[advisories]]
name = "FreeBSD-SA-10:10.openssl"
date = "2010-11-29"
[[advisories]]
name = "FreeBSD-SA-10:09.pseudofs"
date = "2010-11-10"
[[advisories]]
name = "FreeBSD-SA-10:08.bzip2"
date = "2010-09-20"
[[advisories]]
name = "FreeBSD-SA-10:07.mbuf"
date = "2010-07-13"
[[advisories]]
name = "FreeBSD-SA-10:06.nfsclient"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:05.opie"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:04.jail"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:03.zfs"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:02.ntpd"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:01.bind"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-09:17.freebsd-update"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:16.rtld"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:15.ssl"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:14.devfs"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:13.pipe"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:12.bind"
date = "2009-07-29"
[[advisories]]
name = "FreeBSD-SA-09:11.ntpd"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:10.ipv6"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:09.pipe"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:08.openssl"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:07.libc"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:06.ktimer"
date = "2009-03-23"
[[advisories]]
name = "FreeBSD-SA-09:05.telnetd"
date = "2009-02-16"
[[advisories]]
name = "FreeBSD-SA-09:04.bind"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:03.ntpd"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:02.openssl"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-09:01.lukemftpd"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-08:13.protosw"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:12.ftpd"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:11.arc4random"
date = "2008-11-24"
[[advisories]]
name = "FreeBSD-SA-08:10.nd6"
date = "2008-10-02"
[[advisories]]
name = "FreeBSD-SA-08:09.icmp6"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:08.nmount"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:07.amd64"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:06.bind"
date = "2008-07-13"
[[advisories]]
name = "FreeBSD-SA-08:05.openssh"
date = "2008-04-17"
[[advisories]]
name = "FreeBSD-SA-08:04.ipsec"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:03.sendfile"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:02.libc"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-08:01.pty"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-07:10.gtar"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:09.random"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:08.openssl"
date = "2007-10-03"
[[advisories]]
name = "FreeBSD-SA-07:07.bind"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:06.tcpdump"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:05.libarchive"
date = "2007-07-12"
[[advisories]]
name = "FreeBSD-SA-07:04.file"
date = "2007-05-23"
[[advisories]]
name = "FreeBSD-SA-07:03.ipv6"
date = "2007-04-26"
[[advisories]]
name = "FreeBSD-SA-07:02.bind"
date = "2007-02-09"
[[advisories]]
name = "FreeBSD-SA-07:01.jail"
date = "2007-01-11"
[[advisories]]
name = "FreeBSD-SA-06:26.gtar"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:25.kmem"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:24.libarchive"
date = "2006-11-08"
[[advisories]]
name = "FreeBSD-SA-06:22.openssh"
date = "2006-09-30"
[[advisories]]
name = "FreeBSD-SA-06:23.openssl"
date = "2006-09-28"
[[advisories]]
name = "FreeBSD-SA-06:21.gzip"
date = "2006-09-19"
[[advisories]]
name = "FreeBSD-SA-06:20.bind"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:19.openssl"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:18.ppp"
date = "2006-08-23"
[[advisories]]
name = "FreeBSD-SA-06:17.sendmail"
date = "2006-06-14"
[[advisories]]
name = "FreeBSD-SA-06:16.smbfs"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:15.ypserv"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:14.fpu"
date = "2006-04-19"
[[advisories]]
name = "FreeBSD-SA-06:13.sendmail"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:12.opie"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:11.ipsec"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:10.nfs"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:09.openssh"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:08.sack"
date = "2006-02-01"
[[advisories]]
name = "FreeBSD-SA-06:07.pf"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:06.kmem"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:05.80211"
date = "2006-01-18"
[[advisories]]
name = "FreeBSD-SA-06:04.ipfw"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:03.cpio"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:02.ee"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:01.texindex"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-05:21.openssl"
date = "2005-10-11"
[[advisories]]
name = "FreeBSD-SA-05:20.cvsbug"
date = "2005-09-07"
[[advisories]]
name = "FreeBSD-SA-05:19.ipsec"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:18.zlib"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:17.devfs"
date = "2005-07-20"
[[advisories]]
name = "FreeBSD-SA-05:16.zlib"
date = "2005-07-06"
[[advisories]]
name = "FreeBSD-SA-05:15.tcp"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:14.bzip2"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:13.ipfw"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:12.bind9"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:11.gzip"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:10.tcpdump"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:09.htt"
date = "2005-05-13"
[[advisories]]
name = "FreeBSD-SA-05:08.kmem"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:07.ldt"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:06.iir"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:05.cvs"
date = "2005-04-22"
[[advisories]]
name = "FreeBSD-SA-05:04.ifconf"
date = "2005-04-15"
[[advisories]]
name = "FreeBSD-SA-05:03.amd64"
date = "2005-04-06"
[[advisories]]
name = "FreeBSD-SA-05:02.sendfile"
date = "2005-04-04"
[[advisories]]
name = "FreeBSD-SA-05:01.telnet"
date = "2005-03-28"
[[advisories]]
name = "FreeBSD-SA-04:17.procfs"
date = "2004-12-01"
[[advisories]]
name = "FreeBSD-SA-04:16.fetch"
date = "2004-11-18"
[[advisories]]
name = "FreeBSD-SA-04:15.syscons"
date = "2004-10-04"
[[advisories]]
name = "FreeBSD-SA-04:14.cvs"
date = "2004-09-19"
[[advisories]]
name = "FreeBSD-SA-04:13.linux"
date = "2004-06-30"
[[advisories]]
name = "FreeBSD-SA-04:12.jailroute"
date = "2004-06-07"
[[advisories]]
name = "FreeBSD-SA-04:11.msync"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:10.cvs"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:09.kadmind"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:08.heimdal"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:07.cvs"
date = "2004-04-15"
[[advisories]]
name = "FreeBSD-SA-04:06.ipv6"
date = "2004-03-29"
[[advisories]]
name = "FreeBSD-SA-04:05.openssl"
date = "2004-03-17"
[[advisories]]
name = "FreeBSD-SA-04:04.tcp"
date = "2004-03-02"
[[advisories]]
name = "FreeBSD-SA-04:03.jail"
date = "2004-02-25"
[[advisories]]
name = "FreeBSD-SA-04:02.shmat"
date = "2004-02-05"
[[advisories]]
name = "FreeBSD-SA-04:01.mksnap_ffs"
date = "2004-01-30"
[[advisories]]
name = "FreeBSD-SA-03:19.bind"
date = "2003-11-28"
[[advisories]]
name = "FreeBSD-SA-03:15.openssh"
date = "2003-10-05"
[[advisories]]
name = "FreeBSD-SA-03:18.openssl"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:17.procfs"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:16.filedesc"
date = "2003-10-02"
[[advisories]]
name = "FreeBSD-SA-03:14.arp"
date = "2003-09-23"
[[advisories]]
name = "FreeBSD-SA-03:13.sendmail"
date = "2003-09-17"
[[advisories]]
name = "FreeBSD-SA-03:12.openssh"
date = "2003-09-16"
[[advisories]]
name = "FreeBSD-SA-03:11.sendmail"
date = "2003-08-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1170"
[[advisories]]
name = "FreeBSD-SA-03:10.ibcs2"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1164"
[[advisories]]
name = "FreeBSD-SA-03:09.signal"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1163"
[[advisories]]
name = "FreeBSD-SA-03:08.realpath"
date = "2003-08-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1158"
[[advisories]]
name = "FreeBSD-SN-03:02"
date = "2003-04-08"
[[advisories]]
name = "FreeBSD-SN-03:01"
date = "2003-04-07"
[[advisories]]
name = "FreeBSD-SA-03:07.sendmail"
date = "2003-03-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1122"
[[advisories]]
name = "FreeBSD-SA-03:06.openssl"
date = "2003-03-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1118"
[[advisories]]
name = "FreeBSD-SA-03:05.xdr"
date = "2003-03-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1117"
[[advisories]]
name = "FreeBSD-SA-03:04.sendmail"
date = "2003-03-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1112"
[[advisories]]
name = "FreeBSD-SA-03:03.syncookies"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1106"
[[advisories]]
name = "FreeBSD-SA-03:02.openssl"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1105"
[[advisories]]
name = "FreeBSD-SA-03:01.cvs"
date = "2003-02-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1100"
[[advisories]]
name = "FreeBSD-SA-02:44.filedesc"
date = "2003-01-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1090"
[[advisories]]
name = "FreeBSD-SA-02:43.bind"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1084"
[[advisories]]
name = "FreeBSD-SA-02:41.smrsh"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1082"
[[advisories]]
name = "FreeBSD-SA-02:42.resolv"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1083"
[[advisories]]
name = "FreeBSD-SA-02:40.kadmind"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1081"
[[advisories]]
name = "FreeBSD-SN-02:06"
date = "2002-10-10"
[[advisories]]
name = "FreeBSD-SA-02:39.libkvm"
date = "2002-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1051"
[[advisories]]
name = "FreeBSD-SN-02:05"
date = "2002-08-28"
[[advisories]]
name = "FreeBSD-SA-02:38.signed-error"
date = "2002-08-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1041"
[[advisories]]
name = "FreeBSD-SA-02:37.kqueue"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1033"
[[advisories]]
name = "FreeBSD-SA-02:36.nfs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1032"
[[advisories]]
name = "FreeBSD-SA-02:35.ffs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1031"
[[advisories]]
name = "FreeBSD-SA-02:33.openssl"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1023"
[[advisories]]
name = "FreeBSD-SA-02:34.rpc"
date = "2002-08-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1024"
[[advisories]]
name = "FreeBSD-SA-02:32.pppd"
date = "2002-07-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1022"
[[advisories]]
name = "FreeBSD-SA-02:31.openssh"
date = "2002-07-15"
[[advisories]]
name = "FreeBSD-SA-02:30.ktrace"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:29.tcpdump"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:28.resolv"
date = "2002-06-26"
[[advisories]]
name = "FreeBSD-SN-02:04"
date = "2002-06-19"
[[advisories]]
name = "FreeBSD-SA-02:27.rc"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SA-02:26.accept"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SN-02:03"
date = "2002-05-28"
[[advisories]]
name = "FreeBSD-SA-02:25.bzip2"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SA-02:24.k5su"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SN-02:02"
date = "2002-05-13"
[[advisories]]
name = "FreeBSD-SA-02:23.stdio"
date = "2002-04-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1021"
[[advisories]]
name = "FreeBSD-SA-02:22.mmap"
date = "2002-04-18"
[[advisories]]
name = "FreeBSD-SA-02:21.tcpip"
date = "2002-04-17"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/980"
[[advisories]]
name = "FreeBSD-SA-02:20.syncache"
date = "2002-04-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/979"
[[advisories]]
name = "FreeBSD-SN-02:01"
date = "2002-03-30"
[[advisories]]
name = "FreeBSD-SA-02:19.squid"
date = "2002-03-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/960"
[[advisories]]
name = "FreeBSD-SA-02:18.zlib"
date = "2002-03-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/978"
[[advisories]]
name = "FreeBSD-SA-02:17.mod_frontpage"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/954"
[[advisories]]
name = "FreeBSD-SA-02:16.netscape"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/953"
[[advisories]]
name = "FreeBSD-SA-02:15.cyrus-sasl"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/952"
[[advisories]]
name = "FreeBSD-SA-02:14.pam-pgsql"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/951"
[[advisories]]
name = "FreeBSD-SA-02:13.openssh"
date = "2002-03-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/945"
[[advisories]]
name = "FreeBSD-SA-02:12.squid"
date = "2002-02-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/938"
[[advisories]]
name = "FreeBSD-SA-02:11.snmp"
date = "2002-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/936"
[[advisories]]
name = "FreeBSD-SA-02:10.rsync"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/928"
[[advisories]]
name = "FreeBSD-SA-02:09.fstatfs"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/927"
[[advisories]]
name = "FreeBSD-SA-02:08.exec"
date = "2002-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/923"
[[advisories]]
name = "FreeBSD-SA-02:07.k5su"
date = "2002-01-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/912"
[[advisories]]
name = "FreeBSD-SA-02:06.sudo"
date = "2002-01-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/909"
[[advisories]]
name = "FreeBSD-SA-02:05.pine"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/894"
[[advisories]]
name = "FreeBSD-SA-02:04.mutt"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/893"
[[advisories]]
name = "FreeBSD-SA-02:03.mod_auth_pgsql"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/892"
[[advisories]]
name = "FreeBSD-SA-02:02.pw"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/891"
[[advisories]]
name = "FreeBSD-SA-02:01.pkg_add"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/898"
[[advisories]]
name = "FreeBSD-SA-01:64.wu-ftpd"
date = "2001-12-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/870"
[[advisories]]
name = "FreeBSD-SA-01:63.openssh"
date = "2001-12-02"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/871"
[[advisories]]
name = "FreeBSD-SA-01:62.uucp"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:61.squid"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:60.procmail"
date = "2001-09-24"
[[advisories]]
name = "FreeBSD-SA-01:59.rmuser"
date = "2001-09-04"
[[advisories]]
name = "FreeBSD-SA-01:58.lpd"
date = "2001-08-30"
[[advisories]]
name = "FreeBSD-SA-01:57.sendmail"
date = "2001-08-27"
[[advisories]]
name = "FreeBSD-SA-01:56.tcp_wrappers"
date = "2001-08-23"
[[advisories]]
name = "FreeBSD-SA-01:55.procfs"
date = "2001-08-21"
[[advisories]]
name = "FreeBSD-SA-01:54.ports-telnetd"
date = "2001-08-20"
[[advisories]]
name = "FreeBSD-SA-01:53.ipfw"
date = "2001-08-17"
[[advisories]]
name = "FreeBSD-SA-01:52.fragment"
date = "2001-08-06"
[[advisories]]
name = "FreeBSD-SA-01:51.openssl"
date = "2001-07-30"
[[advisories]]
name = "FreeBSD-SA-01:50.windowmaker"
date = "2001-07-27"
[[advisories]]
name = "FreeBSD-SA-01:49.telnetd"
date = "2001-07-23"
[[advisories]]
name = "FreeBSD-SA-01:48.tcpdump"
date = "2001-07-17"
[[advisories]]
name = "FreeBSD-SA-01:47.xinetd"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:46.w3m"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:45.samba"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:44.gnupg"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:43.fetchmail"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:42.signal"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:41.hanterm"
date = "2001-07-09"
[[advisories]]
name = "FreeBSD-SA-01:40.fts"
date = "2001-06-04"
[[advisories]]
name = "FreeBSD-SA-01:39.tcp-isn"
date = "2001-05-02"
[[advisories]]
name = "FreeBSD-SA-01:38.sudo"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:37.slrn"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:36.samba"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:35.licq"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:34.hylafax"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:33.ftpd-glob"
date = "2001-04-17"
[[advisories]]
name = "FreeBSD-SA-01:32.ipfilter"
date = "2001-04-16"
[[advisories]]
name = "FreeBSD-SA-01:31.ntpd"
date = "2001-04-06"
[[advisories]]
name = "FreeBSD-SA-01:30.ufs-ext2fs"
date = "2001-03-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/738"
[[advisories]]
name = "FreeBSD-SA-01:29.rwhod"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/732"
[[advisories]]
name = "FreeBSD-SA-01:28.timed"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/731"
[[advisories]]
name = "FreeBSD-SA-01:27.cfengine"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/730"
[[advisories]]
name = "FreeBSD-SA-01:26.interbase"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/729"
[[advisories]]
name = "FreeBSD-SA-01:23.icecast"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/728"
[[advisories]]
name = "FreeBSD-SA-01:25.kerberosIV"
date = "2001-02-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/716"
[[advisories]]
name = "FreeBSD-SA-01:24.ssh"
date = "2001-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/715"
[[advisories]]
name = "FreeBSD-SA-01:22.dc20ctrl"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/714"
[[advisories]]
name = "FreeBSD-SA-01:21.ja-elvis"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/713"
[[advisories]]
name = "FreeBSD-SA-01:20.mars_nwe"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/712"
[[advisories]]
name = "FreeBSD-SA-01:19.ja-klock"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/707"
[[advisories]]
name = "FreeBSD-SA-01:18.bind"
date = "2001-01-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/706"
[[advisories]]
name = "FreeBSD-SA-01:17.exmh"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/705"
[[advisories]]
name = "FreeBSD-SA-01:16.mysql"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/704"
[[advisories]]
name = "FreeBSD-SA-01:15.tinyproxy"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/703"
[[advisories]]
name = "FreeBSD-SA-01:14.micq"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/702"
[[advisories]]
name = "FreeBSD-SA-01:13.sort"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/701"
[[advisories]]
name = "FreeBSD-SA-01:12.periodic"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/700"
[[advisories]]
name = "FreeBSD-SA-01:11.inetd"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/699"
[[advisories]]
name = "FreeBSD-SA-01:10.bind"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/698"
[[advisories]]
name = "FreeBSD-SA-01:09.crontab"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/697"
[[advisories]]
name = "FreeBSD-SA-01:08.ipfw"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/696"
[[advisories]]
name = "FreeBSD-SA-01:07.xfree86"
date = "2001-01-23"
[[advisories]]
name = "FreeBSD-SA-01:06.zope"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/669"
[[advisories]]
name = "FreeBSD-SA-01:05.stunnel"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/668"
[[advisories]]
name = "FreeBSD-SA-01:04.joe"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/667"
[[advisories]]
name = "FreeBSD-SA-01:03.bash1"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/666"
[[advisories]]
name = "FreeBSD-SA-01:02.syslog-ng"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/665"
[[advisories]]
name = "FreeBSD-SA-01:01.openssh"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/664"
[[advisories]]
name = "FreeBSD-SA-00:81.ethereal"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/651"
[[advisories]]
name = "FreeBSD-SA-00:80.halflifeserver"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/650"
[[advisories]]
name = "FreeBSD-SA-00:79.oops"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/649"
[[advisories]]
name = "FreeBSD-SA-00:78.bitchx"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/648"
[[advisories]]
name = "FreeBSD-SA-00:77.procfs"
date = "2000-12-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/647"
[[advisories]]
name = "FreeBSD-SA-00:76.tcsh-csh"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/628"
[[advisories]]
name = "FreeBSD-SA-00:75.php"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/627"
[[advisories]]
name = "FreeBSD-SA-00:74.gaim"
date = "2000-11-20"
[[advisories]]
name = "FreeBSD-SA-00:73.thttpd"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/626"
[[advisories]]
name = "FreeBSD-SA-00:72.curl"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/625"
[[advisories]]
name = "FreeBSD-SA-00:71.mgetty"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/624"
[[advisories]]
name = "FreeBSD-SA-00:70.ppp-nat"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/623"
[[advisories]]
name = "FreeBSD-SA-00:69.telnetd"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/622"
[[advisories]]
name = "FreeBSD-SA-00:68.ncurses"
date = "2000-11-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/621"
[[advisories]]
name = "FreeBSD-SA-00:67.gnupg"
date = "2000-11-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/620"
[[advisories]]
name = "FreeBSD-SA-00:66.netscape"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/619"
[[advisories]]
name = "FreeBSD-SA-00:65.xfce"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/618"
[[advisories]]
name = "FreeBSD-SA-00:64.global"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/617"
[[advisories]]
name = "FreeBSD-SA-00:63.getnameinfo"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/589"
[[advisories]]
name = "FreeBSD-SA-00:62.top"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/616"
[[advisories]]
name = "FreeBSD-SA-00:61.tcpdump"
date = "2000-10-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/615"
[[advisories]]
name = "FreeBSD-SA-00:60.boa"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/586"
[[advisories]]
name = "FreeBSD-SA-00:59.pine"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/585"
[[advisories]]
name = "FreeBSD-SA-00:58.chpass"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/584"
[[advisories]]
name = "FreeBSD-SA-00:57.muh"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/570"
[[advisories]]
name = "FreeBSD-SA-00:56.lprng"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/569"
[[advisories]]
name = "FreeBSD-SA-00:55.xpdf"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/568"
[[advisories]]
name = "FreeBSD-SA-00:54.fingerd"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/567"
[[advisories]]
name = "FreeBSD-SA-00:52.tcp-iss"
date = "2000-10-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/561"
[[advisories]]
name = "FreeBSD-SA-00:53.catopen"
date = "2000-09-27"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/562"
[[advisories]]
name = "FreeBSD-SA-00:51.mailman"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/550"
[[advisories]]
name = "FreeBSD-SA-00:50.listmanager"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/549"
[[advisories]]
name = "FreeBSD-SA-00:49.eject"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/548"
[[advisories]]
name = "FreeBSD-SA-00:48.xchat"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/547"
[[advisories]]
name = "FreeBSD-SA-00:47.pine"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/546"
[[advisories]]
name = "FreeBSD-SA-00:46.screen"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/545"
[[advisories]]
name = "FreeBSD-SA-00:45.esound"
date = "2000-08-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/526"
[[advisories]]
name = "FreeBSD-SA-00:44.xlock"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/523"
[[advisories]]
name = "FreeBSD-SA-00:43.brouted"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/520"
[[advisories]]
name = "FreeBSD-SA-00:42.linux"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/530"
[[advisories]]
name = "FreeBSD-SA-00:41.elf"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/527"
[[advisories]]
name = "FreeBSD-SA-00:40.mopd"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/521"
[[advisories]]
name = "FreeBSD-SA-00:39.netscape"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/528"
[[advisories]]
name = "FreeBSD-SA-00:38.zope"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/525"
[[advisories]]
name = "FreeBSD-SA-00:37.cvsweb"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/524"
[[advisories]]
name = "FreeBSD-SA-00:36.ntop"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/531"
[[advisories]]
name = "FreeBSD-SA-00:35.proftpd"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/522"
[[advisories]]
name = "FreeBSD-SA-00:34.dhclient"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/529"
[[advisories]]
name = "FreeBSD-SA-00:33.kerberosIV"
date = "2000-07-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/488"
[[advisories]]
name = "FreeBSD-SA-00:32.bitchx"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/487"
[[advisories]]
name = "FreeBSD-SA-00:31.canna"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/486"
[[advisories]]
name = "FreeBSD-SA-00:30.openssh"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/485"
[[advisories]]
name = "FreeBSD-SA-00:29.wu-ftpd"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/489"
[[advisories]]
name = "FreeBSD-SA-00:28.majordomo"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/484"
[[advisories]]
name = "FreeBSD-SA-00:27.XFree86-4"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/483"
[[advisories]]
name = "FreeBSD-SA-00:26.popper"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/482"
[[advisories]]
name = "FreeBSD-SA-00:24.libedit"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/481"
[[advisories]]
name = "FreeBSD-SA-00:23.ip-options"
date = "2000-06-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/480"
[[advisories]]
name = "FreeBSD-SA-00:25.alpha-random"
date = "2000-06-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/473"
[[advisories]]
name = "FreeBSD-SA-00:22.apsfilter"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/461"
[[advisories]]
name = "FreeBSD-SA-00:21.ssh"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/459"
[[advisories]]
name = "FreeBSD-SA-00:20.krb5"
date = "2000-05-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/452"
[[advisories]]
name = "FreeBSD-SA-00:19.semconfig"
date = "2000-05-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/451"
[[advisories]]
name = "FreeBSD-SA-00:18.gnapster.knapster"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/429"
[[advisories]]
name = "FreeBSD-SA-00:17.libmytinfo"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/442"
[[advisories]]
name = "FreeBSD-SA-00:16.golddig"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/439"
[[advisories]]
name = "FreeBSD-SA-00:15.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/438"
[[advisories]]
name = "FreeBSD-SA-00:14.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/441"
[[advisories]]
name = "FreeBSD-SA-00:13.generic-nqs"
date = "2000-04-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/437"
[[advisories]]
name = "FreeBSD-SA-00:12.healthd"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/436"
[[advisories]]
name = "FreeBSD-SA-00:11.ircii"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/440"
[[advisories]]
name = "FreeBSD-SA-00:10.orville-write"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:09.mtr"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:08.lynx"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/407"
[[advisories]]
name = "FreeBSD-SA-00:07.mh"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/411"
[[advisories]]
name = "FreeBSD-SA-00:06.htdig"
date = "2000-03-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/403"
[[advisories]]
name = "FreeBSD-SA-00:05.mysql"
date = "2000-02-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/402"
[[advisories]]
name = "FreeBSD-SA-00:04.delegate"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/392"
[[advisories]]
name = "FreeBSD-SA-00:03.asmon"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/391"
[[advisories]]
name = "FreeBSD-SA-00:02.procfs"
date = "2000-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/380"
[[advisories]]
name = "FreeBSD-SA-00:01.make"
date = "2000-01-19"
[[advisories]]
name = "FreeBSD-SA-99:06.amd"
date = "1999-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/318"
[[advisories]]
name = "FreeBSD-SA-99:05.fts"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/313"
[[advisories]]
name = "FreeBSD-SA-99:04.core"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/312"
[[advisories]]
name = "FreeBSD-SA-99:03.ftpd"
date = "1999-09-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/311"
[[advisories]]
name = "FreeBSD-SA-99:02.profil"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-99:01.chflags"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-98:08.fragment"
date = "1998-11-04"
[[advisories]]
name = "FreeBSD-SA-98:07.rst"
date = "1998-10-13"
[[advisories]]
name = "FreeBSD-SA-98:06.icmp"
date = "1998-06-10"
[[advisories]]
name = "FreeBSD-SA-98:05.nfs"
date = "1998-06-04"
[[advisories]]
name = "FreeBSD-SA-98:04.mmap"
date = "1998-06-02"
[[advisories]]
name = "FreeBSD-SA-98:03.ttcp"
date = "1998-05-14"
[[advisories]]
name = "FreeBSD-SA-98:02.mmap"
date = "1998-03-12"
[[advisories]]
name = "FreeBSD-SA-97:06.f00f"
date = "1997-12-09"
[[advisories]]
name = "FreeBSD-SA-98:01.land"
date = "1997-12-01"
[[advisories]]
name = "FreeBSD-SA-97:05.open"
date = "1997-10-29"
[[advisories]]
name = "FreeBSD-SA-97:04.procfs"
date = "1997-08-19"
[[advisories]]
name = "FreeBSD-SA-97:03.sysinstall"
date = "1997-04-07"
[[advisories]]
name = "FreeBSD-SA-97:02.lpd"
date = "1997-03-26"
[[advisories]]
name = "FreeBSD-SA-97:01.setlocale"
date = "1997-02-05"
[[advisories]]
name = "FreeBSD-SA-96:21.talkd"
date = "1997-01-18"
[[advisories]]
name = "FreeBSD-SA-96:20.stack-overflow"
date = "1996-12-16"
[[advisories]]
name = "FreeBSD-SA-96:19.modstat"
date = "1996-12-10"
[[advisories]]
name = "FreeBSD-SA-96:18.lpr"
date = "1996-11-25"
[[advisories]]
name = "FreeBSD-SA-96:17.rzsz"
date = "1996-07-16"
[[advisories]]
name = "FreeBSD-SA-96:16.rdist"
date = "1996-07-12"
[[advisories]]
name = "FreeBSD-SA-96:15.ppp"
date = "1996-07-04"
[[advisories]]
name = "FreeBSD-SA-96:12.perl"
date = "1996-06-28"
[[advisories]]
name = "FreeBSD-SA-96:14.ipfw"
date = "1996-06-24"
[[advisories]]
name = "FreeBSD-SA-96:13.comsat"
date = "1996-06-05"
[[advisories]]
name = "FreeBSD-SA-96:11.man"
date = "1996-05-21"
[[advisories]]
name = "FreeBSD-SA-96:10.mount_union"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:09.vfsload"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:02.apache"
date = "1996-04-22"
[[advisories]]
name = "FreeBSD-SA-96:08.syslog"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:01.sliplogin"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:03.sendmail-suggestion"
date = "1996-04-20"
diff --git a/website/static/security/advisories/FreeBSD-SA-22:14.heimdal.asc b/website/static/security/advisories/FreeBSD-SA-22:14.heimdal.asc
new file mode 100644
index 0000000000..93947ecf2c
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-22:14.heimdal.asc
@@ -0,0 +1,173 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-22:14.heimdal Security Advisory
+ The FreeBSD Project
+
+Topic: Multiple vulnerabilities in Heimdal
+
+Category: contrib
+Module: heimdal
+Announced: 2022-11-15
+Affects: All supported versions of FreeBSD.
+Corrected: 2022-11-15 21:15:35 UTC (stable/13, 13.1-STABLE)
+ 2022-11-16 01:50:27 UTC (releng/13.1, 13.1-RELEASE-p4)
+ 2022-11-15 21:16:56 UTC (stable/12, 12.4-STABLE)
+ 2022-11-16 01:47:57 UTC (releng/12.4, 12.4-RC2-p1)
+ 2022-11-16 01:40:21 UTC (releng/12.3, 12.3-RELEASE-p9)
+CVE Name: CVE-2019-14870, CVE-2022-3437, CVE-2022-42898,
+ CVE-2022-44640, CVE-2021-44758
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+Heimdal implements the Kerberos 5 network authentication protocols.
+
+A Key Distribution Center (KDC) is trusted by all principals registered
+in that administrative "realm" to store a secret key in confidence, of
+which, the proof of knowledge is used to verify the authenticity of a
+principal.
+
+II. Problem Description
+
+Multiple security vulnerabilities have been discovered in the Heimdal
+implementation of the Kerberos 5 network authentication protocols and KDC.
+
+- - CVE-2022-42898 PAC parse integer overflows
+- - CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
+- - CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
+- - CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
+- - CVE-2019-14870 Validate client attributes in protocol-transition
+- - CVE-2019-14870 Apply forwardable policy in protocol-transition
+- - CVE-2019-14870 Always lookup impersonate client in DB
+
+III. Impact
+
+A malicious actor with control of the network between a client and a service
+using Kerberos for authentication can impersonate either the client or the
+service, enabling a man-in-the-middle (MITM) attack circumventing mutual
+authentication.
+
+Note that, while CVE-2022-44640 is a severe vulnerability, possibly enabling
+remote code execution on other platforms, the version of Heimdal included with
+the FreeBSD base system cannot be exploited in this way on FreeBSD.
+
+IV. Workaround
+
+No workaround is available, but only systems using Kerberos are affected.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+A reboot is recommended.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+A reboot is recommended.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-22:14/heimdal.patch
+# fetch https://security.FreeBSD.org/patches/SA-22:14/heimdal.patch.asc
+# gpg --verify heimdal.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart all daemons that use the Kerberos, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ d0b6550173d2 stable/13-n253097
+releng/13.1/ a1e014e89282 releng/13.1-n250170
+stable/12/ r372752
+releng/12.4/ r372755
+releng/12.3/ r372753
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+
+
+
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmN0Ud0ACgkQ05eS9J6n
+5cKIKA//bRccdsoilKJvyQw9RazwJ0HENGbPF1RdjyG1nmMsp5wG+rqAdnN0LF8p
+SgEqfZjCx+KXNJBkzblKzduFK9VQ211dbjouwd/BVCbMYemUIs1DqobF6uvYnMbn
+vhQ2lUtZ46WbgvjXOcfsHakmCV2V2kCzBFsCKCQFPcYSch5n9gGW+I4cfewF8+fB
++sjvhz7MDyLaCVB3UpxPUIMc3w/G18zzyhHdhuJOaCrCjf00Mt4Er40ICr+IkRy5
+PpwdX60yvwk3uxzzMyIC5zcS3CD6qFUOaSIXfEuGWGl7Wo7MjoCXECE1sbwLVat8
+K1FJtNIADZJkURzkgjvp9rHQHwZFkLMawrkyik4apHgGsY2pXktZGhcw/qN2BNNn
+uo3HILrjbYK5eU5zLU17FS9X5qTurIcqdVJCIklvjNqW7DAuN3K1I9ryat4w5sST
+ToW5LpLtP9DoI9M9Bh3Mqba629iuXRmQ6LZ6p9EGSFr2i7e3VDEcvMxkGO6Sh8M3
+w67FpqWzeQ1RT2q2YL013emKq6C+oYDjMDDejAqH2Wwwae/7yQiNnXBqvokIXmi4
+KLupHptt0CPFPOFBLloxXBPenYu/49SRWeUoxBqspQuvCY708j1mUntaVtAFm/ax
+QElUUEEmcuJhsBzTzBnS82oe7IRwv3NQm55zkOn+DQZ2HjV/GaY=
+=jmOK
+-----END PGP SIGNATURE-----
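Review bot: Section III (Impact) states only the man-in-the-middle outcome and the note that CVE-2022-44640 cannot be exploited for code execution on FreeBSD, so the impact of the other items listed in section II is never given. That leaves out the NULL-dereference DoS in SPNEGO acceptors (CVE-2021-44758), the PAC parse integer overflows (CVE-2022-42898), and the DES/arcfour overflows and timing leaks (CVE-2022-3437). An operator triaging from this text cannot tell which role (KDC, acceptor service, client) is exposed to which item; one line per CVE in Impact would fix that, for example `CVE-2021-44758: denial of service (NULL dereference) in SPNEGO acceptors`. Because the file is clearsigned, any wording change, including the stray article in `Restart all daemons that use the Kerberos`, has to ship as a re-signed revision rather than an in-place edit.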
diff --git a/website/static/security/patches/SA-22:14/heimdal.patch b/website/static/security/patches/SA-22:14/heimdal.patch
new file mode 100644
index 0000000000..df1be0e924
--- /dev/null
+++ b/website/static/security/patches/SA-22:14/heimdal.patch
@@ -0,0 +1,1400 @@
+--- crypto/heimdal/admin/change.c.orig
++++ crypto/heimdal/admin/change.c
+@@ -217,7 +217,6 @@
+ krb5_kt_end_seq_get(context, keytab, &cursor);
+
+ if (ret == KRB5_KT_END) {
+- ret = 0;
+ for (i = 0; i < j; i++) {
+ if (verbose_flag) {
+ char *client_name;
+--- crypto/heimdal/appl/gssmask/gssmask.c.orig
++++ crypto/heimdal/appl/gssmask/gssmask.c
+@@ -949,7 +949,9 @@
+ memcpy(p, iov[4].buffer.value, iov[4].buffer.length);
+ p += iov[4].buffer.length;
+ memcpy(p, iov[5].buffer.value, iov[5].buffer.length);
++#ifndef __clang_analyzer__
+ p += iov[5].buffer.length;
++#endif
+
+ gss_release_iov_buffer(NULL, iov, iov_len);
+
+--- crypto/heimdal/kadmin/kadmind.c.orig
++++ crypto/heimdal/kadmin/kadmind.c
+@@ -116,7 +116,11 @@
+ }
+
+ argc -= optidx;
++#ifndef __clang_analyzer__
+ argv += optidx;
++#endif
++ if (argc != 0)
++ usage(1);
+
+ if (config_file == NULL) {
+ asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
+--- crypto/heimdal/kadmin/mod.c.orig
++++ crypto/heimdal/kadmin/mod.c
+@@ -106,7 +106,7 @@
+ add_aliases(krb5_context contextp, kadm5_principal_ent_rec *princ,
+ struct getarg_strings *strings)
+ {
+- krb5_error_code ret;
++ krb5_error_code ret = 0;
+ HDB_extension ext;
+ krb5_data buf;
+ krb5_principal p;
+@@ -127,9 +127,16 @@
+ sizeof(ext.data.u.aliases.aliases.val[0]));
+ ext.data.u.aliases.aliases.len = strings->num_strings;
+
+- for (i = 0; i < strings->num_strings; i++) {
++ for (i = 0; ret == 0 && i < strings->num_strings; i++) {
+ ret = krb5_parse_name(contextp, strings->strings[i], &p);
+- ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
++ if (ret)
++ krb5_err(contextp, 1, ret, "Could not parse alias %s",
++ strings->strings[i]);
++ if (ret == 0)
++ ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
++ if (ret)
++ krb5_err(contextp, 1, ret, "Could not copy parsed alias %s",
++ strings->strings[i]);
+ krb5_free_principal(contextp, p);
+ }
+ }
+--- crypto/heimdal/kadmin/stash.c.orig
++++ crypto/heimdal/kadmin/stash.c
+@@ -103,7 +103,10 @@
+ }
+ }
+ ret = krb5_string_to_key_salt(context, enctype, buf, salt, &key);
+- ret = hdb_add_master_key(context, &key, &mkey);
++ if (ret == 0)
++ ret = hdb_add_master_key(context, &key, &mkey);
++ if (ret)
++ krb5_warn(context, errno, "setting master key");
+ krb5_free_keyblock_contents(context, &key);
+ }
+
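Review bot: The new warning reports `errno` rather than the failure that was just detected. `ret` holds the error returned by `krb5_string_to_key_salt()` or `hdb_add_master_key()`, while `errno` may be stale or zero at this point, so the logged reason can be wrong or empty. Use `krb5_warn(context, ret, "setting master key");`. Execution continues after the warning, and whether a non-zero `ret` reaches the caller is outside the hunk.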
+--- crypto/heimdal/kcm/protocol.c.orig
++++ crypto/heimdal/kcm/protocol.c
+@@ -423,7 +423,7 @@
+ free(name);
+ kcm_release_ccache(context, ccache);
+
+- return 0;
++ return ret;
+ }
+
+ /*
+--- crypto/heimdal/kdc/digest.c.orig
++++ crypto/heimdal/kdc/digest.c
+@@ -1467,6 +1467,10 @@
+ ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_DIGEST_ENCRYPT,
+ buf.data, buf.length, 0,
+ &rep.innerRep);
++ if (ret) {
++ krb5_prepend_error_message(context, ret, "Failed to encrypt digest: ");
++ goto out;
++ }
+
+ ASN1_MALLOC_ENCODE(DigestREP, reply->data, reply->length, &rep, &size, ret);
+ if (ret) {
+--- crypto/heimdal/kdc/hpropd.c.orig
++++ crypto/heimdal/kdc/hpropd.c
+@@ -107,7 +107,9 @@
+ }
+
+ argc -= optidx;
++#ifndef __clang_analyzer__
+ argv += optidx;
++#endif
+
+ if (argc != 0)
+ usage(1);
+@@ -125,6 +127,7 @@
+ krb5_ticket *ticket;
+ char *server;
+
++ memset(&ss, 0, sizeof(ss));
+ sock = STDIN_FILENO;
+ #ifdef SUPPORT_INETD
+ if (inetd_flag == -1) {
+--- crypto/heimdal/kdc/kdc-replay.c.orig
++++ crypto/heimdal/kdc/kdc-replay.c
+@@ -184,6 +184,8 @@
+ unsigned int tag2;
+ ret = der_get_tag (r.data, r.length,
+ &cl, &ty, &tag2, NULL);
++ if (ret)
++ krb5_err(context, 1, ret, "Could not decode replay data");
+ if (MAKE_TAG(cl, ty, 0) != clty)
+ krb5_errx(context, 1, "class|type mismatch: %d != %d",
+ (int)MAKE_TAG(cl, ty, 0), (int)clty);
+--- crypto/heimdal/kdc/krb5tgs.c.orig
++++ crypto/heimdal/kdc/krb5tgs.c
+@@ -1928,30 +1928,40 @@
+ if (ret)
+ goto out;
+
++ ret = _kdc_db_fetch(context, config, tp, HDB_F_GET_CLIENT | flags,
++ NULL, &s4u2self_impersonated_clientdb,
++ &s4u2self_impersonated_client);
++ if (ret) {
++ const char *msg;
++
++ /*
++ * If the client belongs to the same realm as our krbtgt, it
++ * should exist in the local database.
++ *
++ */
++
++ if (ret == HDB_ERR_NOENTRY)
++ ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
++ msg = krb5_get_error_message(context, ret);
++ kdc_log(context, config, 2,
++ "S4U2Self principal to impersonate %s not found in database: %s",
++ tpn, msg);
++ krb5_free_error_message(context, msg);
++ goto out;
++ }
++
++ free(s4u2self_impersonated_client->entry.pw_end);
++ s4u2self_impersonated_client->entry.pw_end = NULL;
++
++ ret = kdc_check_flags(context, config, s4u2self_impersonated_client, tpn,
++ NULL, NULL, FALSE);
++ if (ret)
++ goto out;
++
+ /* If we were about to put a PAC into the ticket, we better fix it to be the right PAC */
+ if(rspac.data) {
+ krb5_pac p = NULL;
+ krb5_data_free(&rspac);
+- ret = _kdc_db_fetch(context, config, tp, HDB_F_GET_CLIENT | flags,
+- NULL, &s4u2self_impersonated_clientdb, &s4u2self_impersonated_client);
+- if (ret) {
+- const char *msg;
+-
+- /*
+- * If the client belongs to the same realm as our krbtgt, it
+- * should exist in the local database.
+- *
+- */
+-
+- if (ret == HDB_ERR_NOENTRY)
+- ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+- msg = krb5_get_error_message(context, ret);
+- kdc_log(context, config, 1,
+- "S2U4Self principal to impersonate %s not found in database: %s",
+- tpn, msg);
+- krb5_free_error_message(context, msg);
+- goto out;
+- }
+ ret = _kdc_pac_generate(context, s4u2self_impersonated_client, &p);
+ if (ret) {
+ kdc_log(context, config, 0, "PAC generation failed for -- %s",
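Review bot: The two added lines that free and NULL `s4u2self_impersonated_client->entry.pw_end` before `kdc_check_flags()` carry no comment, and the code does not show why the impersonated client's password-expiry time is discarded. Presumably S4U2Self should not fail on an expired password because the impersonated user does not authenticate with one; if that is the intent, state it, e.g. `/* S4U2Self is not password authentication: ignore pw_end when checking the impersonated client's flags. */`. The comment would also make clear that the fetched entry is modified on purpose before `_kdc_pac_generate()` uses it further down. The enclosing function starts and ends outside the hunk.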
+@@ -1987,10 +1997,12 @@
+
+ /*
+ * If the service isn't trusted for authentication to
+- * delegation, remove the forward flag.
++ * delegation or if the impersonate client is disallowed
++ * forwardable, remove the forwardable flag.
+ */
+
+- if (client->entry.flags.trusted_for_delegation) {
++ if (client->entry.flags.trusted_for_delegation &&
++ s4u2self_impersonated_client->entry.flags.forwardable) {
+ str = "[forwardable]";
+ } else {
+ b->kdc_options.forwardable = 0;
+--- crypto/heimdal/kdc/kstash.c.orig
++++ crypto/heimdal/kdc/kstash.c
+@@ -126,6 +126,8 @@
+ krb5_string_to_key_salt(context, enctype, buf, salt, &key);
+ }
+ ret = hdb_add_master_key(context, &key, &mkey);
++ if (ret)
++ krb5_err(context, 1, ret, "hdb_add_master_key");
+
+ krb5_free_keyblock_contents(context, &key);
+
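Review bot: The `krb5_string_to_key_salt()` call at the top of this hunk still discards its return value, so when key derivation fails `hdb_add_master_key()` is handed whatever `key` held before. kadmin/stash.c in this same patch chains the two calls with `if (ret == 0)`, and the same shape fits here: `ret = krb5_string_to_key_salt(context, enctype, buf, salt, &key);` followed by `if (ret) krb5_err(context, 1, ret, "krb5_string_to_key_salt");`. Whether `key` is zeroed earlier in the function is not visible in the hunk.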
+--- crypto/heimdal/kdc/pkinit.c.orig
++++ crypto/heimdal/kdc/pkinit.c
+@@ -249,7 +249,6 @@
+ memset(dh_gen_key, 0, size);
+ }
+
+- ret = 0;
+ #ifdef HAVE_OPENSSL
+ } else if (client_params->keyex == USE_ECDH) {
+
+--- crypto/heimdal/kuser/kdestroy.c.orig
++++ crypto/heimdal/kuser/kdestroy.c
+@@ -90,7 +90,9 @@
+ }
+
+ argc -= optidx;
++#ifndef __clang_analyzer__
+ argv += optidx;
++#endif
+
+ if (argc != 0)
+ usage (1);
+--- crypto/heimdal/kuser/kswitch.c.orig
++++ crypto/heimdal/kuser/kswitch.c
+@@ -86,14 +86,15 @@
+ krb5_err(kcc_context, 1, ret, "krb5_cc_cache_get_first");
+
+ while (krb5_cc_cache_next(kcc_context, cursor, &id) == 0) {
+- krb5_principal p;
++ krb5_principal p = NULL;
+ char num[10];
+
+ ret = krb5_cc_get_principal(kcc_context, id, &p);
++ if (ret == 0)
++ ret = krb5_unparse_name(kcc_context, p, &name);
+ if (ret)
+ continue;
+
+- ret = krb5_unparse_name(kcc_context, p, &name);
+ krb5_free_principal(kcc_context, p);
+
+ snprintf(num, sizeof(num), "%d", (int)(len + 1));
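Review bot: When `krb5_cc_get_principal()` succeeds and `krb5_unparse_name()` fails, the `continue` now skips `krb5_free_principal(kcc_context, p)` and the principal leaks; before this change the free ran on that path. Since `p` is now initialised to NULL, the free can move above the test: `krb5_free_principal(kcc_context, p);` followed by `if (ret) continue;`. This relies on `krb5_free_principal()` accepting NULL, which should be confirmed for this tree. Whether `id` also needs releasing on the skip path is not visible in the hunk.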
+--- crypto/heimdal/lib/asn1/der_copy.c.orig
++++ crypto/heimdal/lib/asn1/der_copy.c
+@@ -135,8 +135,12 @@
+ der_copy_octet_string (const heim_octet_string *from, heim_octet_string *to)
+ {
+ to->length = from->length;
+- to->data = malloc(to->length);
+- if(to->length != 0 && to->data == NULL)
++ if (from->data == NULL) {
++ to->data = NULL;
++ return 0;
++ }
++ to->data = malloc(to->length);
++ if (to->length != 0 && to->data == NULL)
+ return ENOMEM;
+ memcpy(to->data, from->data, to->length);
+ return 0;
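Review bot: The new NULL-source branch returns with `to->length` already set to `from->length`, so a source with `data == NULL` and a non-zero length yields a copy that advertises bytes it does not hold. Add `to->length = 0;` in that branch (or reject the input) so that consumers trusting `length` cannot index a NULL `data`. Separately, when `from->length` is 0 and `malloc(0)` returns NULL, the `memcpy` below is still called with a NULL destination. Guarding it with `if (to->length != 0)` would match the `memcpy` guards this patch adds in unwrap.c.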
+--- crypto/heimdal/lib/asn1/gen_decode.c.orig
++++ crypto/heimdal/lib/asn1/gen_decode.c
+@@ -584,14 +584,14 @@
+ classname(cl),
+ ty ? "CONS" : "PRIM",
+ valuename(cl, tag));
++ fprintf(codefile,
++ "(%s)->element = %s;\n",
++ name, m->label);
+ if (asprintf (&s, "%s(%s)->u.%s", m->optional ? "" : "&",
+ name, m->gen_name) < 0 || s == NULL)
+ errx(1, "malloc");
+ decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL,
+ depth + 1);
+- fprintf(codefile,
+- "(%s)->element = %s;\n",
+- name, m->label);
+ free(s);
+ fprintf(codefile,
+ "}\n");
+@@ -600,23 +600,23 @@
+ if (have_ellipsis) {
+ fprintf(codefile,
+ "else {\n"
++ "(%s)->element = %s;\n"
+ "(%s)->u.%s.data = calloc(1, len);\n"
+ "if ((%s)->u.%s.data == NULL) {\n"
+ "e = ENOMEM; %s;\n"
+ "}\n"
+ "(%s)->u.%s.length = len;\n"
+ "memcpy((%s)->u.%s.data, p, len);\n"
+- "(%s)->element = %s;\n"
+ "p += len;\n"
+ "ret += len;\n"
+ "len = 0;\n"
+ "}\n",
++ name, have_ellipsis->label,
+ name, have_ellipsis->gen_name,
+ name, have_ellipsis->gen_name,
+ forwstr,
+ name, have_ellipsis->gen_name,
+- name, have_ellipsis->gen_name,
+- name, have_ellipsis->label);
++ name, have_ellipsis->gen_name);
+ } else {
+ fprintf(codefile,
+ "else {\n"
+--- crypto/heimdal/lib/asn1/gen_free.c.orig
++++ crypto/heimdal/lib/asn1/gen_free.c
+@@ -61,6 +61,13 @@
+ case TNull:
+ case TGeneralizedTime:
+ case TUTCTime:
++ /*
++ * This doesn't do much, but it leaves zeros where garbage might
++ * otherwise have been found. Gets us closer to having the equivalent
++ * of a memset()-to-zero data structure after calling the free
++ * functions.
++ */
++ fprintf(codefile, "*%s = 0;\n", name);
+ break;
+ case TBitString:
+ if (ASN1_TAILQ_EMPTY(t->members))
+--- crypto/heimdal/lib/gssapi/krb5/accept_sec_context.c.orig
++++ crypto/heimdal/lib/gssapi/krb5/accept_sec_context.c
+@@ -425,6 +425,7 @@
+ * lets only send the error token on clock skew, that
+ * limit when send error token for non-MUTUAL.
+ */
++ free_Authenticator(ctx->auth_context->authenticator);
+ return send_error_token(minor_status, context, kret,
+ server, &indata, output_token);
+ } else if (kret) {
+--- crypto/heimdal/lib/gssapi/krb5/arcfour.c.orig
++++ crypto/heimdal/lib/gssapi/krb5/arcfour.c
+@@ -307,7 +307,7 @@
+ return GSS_S_FAILURE;
+ }
+
+- cmp = ct_memcmp(cksum_data, p + 8, 8);
++ cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0);
+ if (cmp) {
+ *minor_status = 0;
+ return GSS_S_BAD_MIC;
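Review bot: The rewritten comparison inverts the MIC check: `cmp` is now 1 when `ct_memcmp(cksum_data, p + 8, 8)` returns 0, so `if (cmp)` returns `GSS_S_BAD_MIC` for a matching checksum and lets a mismatching one continue. The line should read `cmp = (ct_memcmp(cksum_data, p + 8, 8) != 0);`, the same `!= 0` form this patch uses for the SND_SEQ comparisons in the next hunk. The last hunk of this file (`p0 + 16`, SGN_CKSUM) carries the same `== 0` and needs the same correction. A regression test that feeds a token with a deliberately corrupted checksum and expects `GSS_S_BAD_MIC` would catch both sites. The enclosing function starts and ends outside the hunk.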
+@@ -331,9 +331,9 @@
+ _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number);
+
+ if (context_handle->more_flags & LOCAL)
+- cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
++ cmp = (ct_memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4) != 0);
+ else
+- cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
++ cmp = (ct_memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4) != 0);
+
+ memset(SND_SEQ, 0, sizeof(SND_SEQ));
+ if (cmp != 0) {
+@@ -616,9 +616,9 @@
+ _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number);
+
+ if (context_handle->more_flags & LOCAL)
+- cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
++ cmp = (ct_memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4) != 0);
+ else
+- cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
++ cmp = (ct_memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4) != 0);
+
+ if (cmp != 0) {
+ *minor_status = 0;
+@@ -695,7 +695,7 @@
+ return GSS_S_FAILURE;
+ }
+
+- cmp = ct_memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */
++ cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */
+ if (cmp) {
+ _gsskrb5_release_buffer(minor_status, output_message_buffer);
+ *minor_status = 0;
+--- crypto/heimdal/lib/gssapi/krb5/decapsulate.c.orig
++++ crypto/heimdal/lib/gssapi/krb5/decapsulate.c
+@@ -54,6 +54,8 @@
+ e = der_get_length (p, total_len - 1, &len, &len_len);
+ if (e || 1 + len_len + len != total_len)
+ return -1;
++ if (total_len < 1 + len_len + 1)
++ return -1;
+ p += len_len;
+ if (*p++ != 0x06)
+ return -1;
+@@ -80,6 +82,10 @@
+
+ if (mech_len != mech->length)
+ return GSS_S_BAD_MECH;
++ if (mech_len > total_len)
++ return GSS_S_BAD_MECH;
++ if (p - *str > total_len - mech_len)
++ return GSS_S_BAD_MECH;
+ if (ct_memcmp(p,
+ mech->elements,
+ mech->length) != 0)
+@@ -190,13 +196,13 @@
+ size_t padlength;
+ int i;
+
+- pad = (u_char *)wrapped_token->value + wrapped_token->length - 1;
+- padlength = *pad;
++ pad = (u_char *)wrapped_token->value + wrapped_token->length;
++ padlength = pad[-1];
+
+ if (padlength > datalen)
+ return GSS_S_BAD_MECH;
+
+- for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
++ for (i = padlength; i > 0 && *--pad == padlength; i--)
+ ;
+ if (i != 0)
+ return GSS_S_BAD_MIC;
+--- crypto/heimdal/lib/gssapi/krb5/unwrap.c.orig
++++ crypto/heimdal/lib/gssapi/krb5/unwrap.c
+@@ -64,6 +64,8 @@
+
+ if (IS_DCE_STYLE(context_handle)) {
+ token_len = 22 + 8 + 15; /* 45 */
++ if (input_message_buffer->length < token_len)
++ return GSS_S_BAD_MECH;
+ } else {
+ token_len = input_message_buffer->length;
+ }
+@@ -76,6 +78,11 @@
+ if (ret)
+ return ret;
+
++ len = (p - (u_char *)input_message_buffer->value)
++ + 22 + 8;
++ if (input_message_buffer->length < len)
++ return GSS_S_BAD_MECH;
++
+ if (memcmp (p, "\x00\x00", 2) != 0)
+ return GSS_S_BAD_SIG;
+ p += 2;
+@@ -122,7 +129,7 @@
+ } else {
+ /* check pad */
+ ret = _gssapi_verify_pad(input_message_buffer,
+- input_message_buffer->length - len,
++ input_message_buffer->length - len - 8,
+ &padlength);
+ if (ret)
+ return ret;
+@@ -195,9 +202,10 @@
+ output_message_buffer->value = malloc(output_message_buffer->length);
+ if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
+ return GSS_S_FAILURE;
+- memcpy (output_message_buffer->value,
+- p + 24,
+- output_message_buffer->length);
++ if (output_message_buffer->value != NULL)
++ memcpy (output_message_buffer->value,
++ p + 24,
++ output_message_buffer->length);
+ return GSS_S_COMPLETE;
+ }
+ #endif
+@@ -230,6 +238,8 @@
+
+ if (IS_DCE_STYLE(context_handle)) {
+ token_len = 34 + 8 + 15; /* 57 */
++ if (input_message_buffer->length < token_len)
++ return GSS_S_BAD_MECH;
+ } else {
+ token_len = input_message_buffer->length;
+ }
+@@ -242,7 +252,12 @@
+ if (ret)
+ return ret;
+
+- if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
++ len = (p - (u_char *)input_message_buffer->value)
++ + 34 + 8;
++ if (input_message_buffer->length < len)
++ return GSS_S_BAD_MECH;
++
++ if (ct_memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
+ return GSS_S_BAD_SIG;
+ p += 2;
+ if (ct_memcmp (p, "\x02\x00", 2) == 0) {
+@@ -289,7 +304,7 @@
+ } else {
+ /* check pad */
+ ret = _gssapi_verify_pad(input_message_buffer,
+- input_message_buffer->length - len,
++ input_message_buffer->length - len - 8,
+ &padlength);
+ if (ret)
+ return ret;
+@@ -389,9 +404,10 @@
+ output_message_buffer->value = malloc(output_message_buffer->length);
+ if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
+ return GSS_S_FAILURE;
+- memcpy (output_message_buffer->value,
+- p + 36,
+- output_message_buffer->length);
++ if (output_message_buffer->value != NULL)
++ memcpy (output_message_buffer->value,
++ p + 36,
++ output_message_buffer->length);
+ return GSS_S_COMPLETE;
+ }
+
+--- crypto/heimdal/lib/gssapi/mech/gss_display_status.c.orig
++++ crypto/heimdal/lib/gssapi/mech/gss_display_status.c
+@@ -91,8 +91,7 @@
+ "Incorrect channel bindings were supplied",
+ "An invalid status code was supplied",
+ "A token had an invalid MIC",
+- "No credentials were supplied, "
+- "or the credentials were unavailable or inaccessible.",
++ "No credentials were supplied, or the credentials were unavailable or inaccessible.",
+ "No context has been established",
+ "A token was invalid",
+ "A credential was invalid",
+--- crypto/heimdal/lib/gssapi/mech/gss_import_name.c.orig
++++ crypto/heimdal/lib/gssapi/mech/gss_import_name.c
+@@ -113,7 +113,7 @@
+ len -= t;
+
+ t = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+- p += 4;
++ /* p += 4; */
+ len -= 4;
+
+ if (!composite && len != t)
+--- crypto/heimdal/lib/gssapi/mech/gss_mech_switch.c.orig
++++ crypto/heimdal/lib/gssapi/mech/gss_mech_switch.c
+@@ -137,6 +137,8 @@
+ }
+ }
+ }
++ if (byte_count == 0)
++ return EINVAL;
+ if (!res) {
+ res = malloc(byte_count);
+ if (!res)
+--- crypto/heimdal/lib/gssapi/mech/mech_locl.h.orig
++++ crypto/heimdal/lib/gssapi/mech/mech_locl.h
+@@ -51,6 +51,7 @@
+
+ #include
+
++#include
+ #include
+ #include
+ #include
+--- crypto/heimdal/lib/gssapi/ntlm/init_sec_context.c.orig
++++ crypto/heimdal/lib/gssapi/ntlm/init_sec_context.c
+@@ -52,6 +52,8 @@
+ continue;
+ str = NULL;
+ d = strtok_r(buf, ":", &str);
++ if (!d)
++ continue;
+ if (d && strcasecmp(target_domain, d) != 0)
+ continue;
+ u = strtok_r(NULL, ":", &str);
+--- crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c.orig
++++ crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c
+@@ -619,13 +619,15 @@
+ if (ret == 0)
+ break;
+ }
+- if (preferred_mech_type == GSS_C_NO_OID) {
+- HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+- free_NegotiationToken(&nt);
+- return ret;
+- }
++ }
++
++ ctx->preferred_mech_type = preferred_mech_type;
+
+- ctx->preferred_mech_type = preferred_mech_type;
++ if (preferred_mech_type == GSS_C_NO_OID) {
++ send_reject(minor_status, output_token);
++ HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
++ free_NegotiationToken(&nt);
++ return ret;
+ }
+
+ /*
+--- crypto/heimdal/lib/hdb/hdb-mitdb.c.orig
++++ crypto/heimdal/lib/hdb/hdb-mitdb.c
+@@ -720,7 +720,6 @@
+ krb5_error_code code;
+ krb5_data key;
+
+- mdb_principal2key(context, principal, &key);
+ code = db->hdb__del(context, db, key);
+ krb5_data_free(&key);
+ return code;
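Review bot: `key` is used uninitialised after this change. The removed `mdb_principal2key(context, principal, &key);` was the only statement that filled it, yet `key` is still passed by value to `db->hdb__del()` and then to `krb5_data_free(&key)`, which frees an indeterminate pointer. Unless the removal is compensated somewhere not shown, the call should stay and its result should be checked before the delete, e.g. `code = mdb_principal2key(context, principal, &key);` followed by `if (code) return code;`. The return type of `mdb_principal2key` is declared outside the hunk and needs confirming.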
+--- crypto/heimdal/lib/hx509/hxtool.c.orig
++++ crypto/heimdal/lib/hx509/hxtool.c
+@@ -1288,6 +1288,7 @@
+ const char *outfile = argv[0];
+
+ memset(&key, 0, sizeof(key));
++ memset(&signer, 0, sizeof(signer));
+
+ get_key(opt->key_string,
+ opt->generate_key_string,
+--- crypto/heimdal/lib/hx509/ks_file.c.orig
++++ crypto/heimdal/lib/hx509/ks_file.c
+@@ -533,7 +533,7 @@
+ {
+ struct store_ctx *sc = ctx;
+ heim_octet_string data;
+- int ret;
++ int ret = 0;
+
+ ret = hx509_cert_binary(context, c, &data);
+ if (ret)
+@@ -554,14 +554,14 @@
+ HX509_KEY_FORMAT_DER, &data);
+ if (ret)
+ break;
+- hx509_pem_write(context, _hx509_private_pem_name(key), NULL, sc->f,
+- data.data, data.length);
++ ret = hx509_pem_write(context, _hx509_private_pem_name(key), NULL,
++ sc->f, data.data, data.length);
+ free(data.data);
+ }
+ break;
+ }
+
+- return 0;
++ return ret;
+ }
+
+ static int
+--- crypto/heimdal/lib/hx509/name.c.orig
++++ crypto/heimdal/lib/hx509/name.c
+@@ -938,6 +938,7 @@
+ hx509_general_name_unparse(GeneralName *name, char **str)
+ {
+ struct rk_strpool *strpool = NULL;
++ int ret = 0;
+
+ *str = NULL;
+
+@@ -964,7 +965,6 @@
+ case choice_GeneralName_directoryName: {
+ Name dir;
+ char *s;
+- int ret;
+ memset(&dir, 0, sizeof(dir));
+ dir.element = name->u.directoryName.element;
+ dir.u.rdnSequence = name->u.directoryName.u.rdnSequence;
+@@ -1017,10 +1017,9 @@
+ default:
+ return EINVAL;
+ }
+- if (strpool == NULL)
++ if (ret)
++ rk_strpoolfree(strpool);
++ else if (strpool == NULL || (*str = rk_strpoolcollect(strpool)) == NULL)
+ return ENOMEM;
+-
+- *str = rk_strpoolcollect(strpool);
+-
+- return 0;
++ return ret;
+ }
+--- crypto/heimdal/lib/hx509/softp11.c.orig
++++ crypto/heimdal/lib/hx509/softp11.c
+@@ -342,6 +342,9 @@
+ struct st_attr *a;
+ int i;
+
++ if (pValue == NULL && ulValueLen)
++ return CKR_ARGUMENTS_BAD;
++
+ i = o->num_attributes;
+ a = realloc(o->attrs, (i + 1) * sizeof(o->attrs[0]));
+ if (a == NULL)
+@@ -352,7 +355,8 @@
+ o->attrs[i].attribute.pValue = malloc(ulValueLen);
+ if (o->attrs[i].attribute.pValue == NULL && ulValueLen != 0)
+ return CKR_DEVICE_MEMORY;
+- memcpy(o->attrs[i].attribute.pValue, pValue, ulValueLen);
++ if (ulValueLen)
++ memcpy(o->attrs[i].attribute.pValue, pValue, ulValueLen);
+ o->attrs[i].attribute.ulValueLen = ulValueLen;
+ o->num_attributes++;
+
+--- crypto/heimdal/lib/ipc/client.c.orig
++++ crypto/heimdal/lib/ipc/client.c
+@@ -332,10 +332,8 @@
+ return errno;
+ rk_cloexec(s->fd);
+
+- if (connect(s->fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
+- close(s->fd);
++ if (connect(s->fd, (struct sockaddr *)&addr, sizeof(addr)) != 0)
+ return errno;
+- }
+
+ return 0;
+ }
+--- crypto/heimdal/lib/kadm5/get_s.c.orig
++++ crypto/heimdal/lib/kadm5/get_s.c
+@@ -246,7 +246,7 @@
+ ret = hdb_entry_get_password(context->context,
+ context->db, &ent.entry, &pw);
+ if (ret == 0) {
+- ret = add_tl_data(out, KRB5_TL_PASSWORD, pw, strlen(pw) + 1);
++ (void) add_tl_data(out, KRB5_TL_PASSWORD, pw, strlen(pw) + 1);
+ free(pw);
+ }
+ krb5_clear_error_message(context->context);
+--- crypto/heimdal/lib/kadm5/init_c.c.orig
++++ crypto/heimdal/lib/kadm5/init_c.c
+@@ -567,7 +567,7 @@
+ void **server_handle)
+ {
+ kadm5_ret_t ret;
+- kadm5_client_context *ctx;
++ kadm5_client_context *ctx = NULL;
+ krb5_ccache cc;
+
+ ret = _kadm5_c_init_context(&ctx, realm_params, context);
+--- crypto/heimdal/lib/kadm5/ipropd_master.c.orig
++++ crypto/heimdal/lib/kadm5/ipropd_master.c
+@@ -755,7 +755,10 @@
+ rtbl_add_column_entry(tbl, SLAVE_STATUS, "Up");
+
+ ret = krb5_format_time(context, slaves->seen, str, sizeof(str), TRUE);
+- rtbl_add_column_entry(tbl, SLAVE_SEEN, str);
++ if (ret)
++ rtbl_add_column_entry(tbl, SLAVE_SEEN, "");
++ else
++ rtbl_add_column_entry(tbl, SLAVE_SEEN, str);
+
+ slaves = slaves->next;
+ }
+--- crypto/heimdal/lib/kafs/afskrb5.c.orig
++++ crypto/heimdal/lib/kafs/afskrb5.c
+@@ -89,8 +89,6 @@
+ return ENOMEM;
+ kt->ticket_len = cred->ticket.length;
+ memcpy(kt->ticket, cred->ticket.data, kt->ticket_len);
+-
+- ret = 0;
+ }
+
+
+--- crypto/heimdal/lib/krb5/acl.c.orig
++++ crypto/heimdal/lib/krb5/acl.c
+@@ -248,7 +248,7 @@
+ ...)
+ {
+ krb5_error_code ret;
+- struct acl_field *acl;
++ struct acl_field *acl = NULL;
+ char buf[256];
+ va_list ap;
+ FILE *f;
+--- crypto/heimdal/lib/krb5/addr_families.c.orig
++++ crypto/heimdal/lib/krb5/addr_families.c
+@@ -525,7 +525,7 @@
+ return ret;
+ }
+
+- if(high.len != 1 && high.val[0].addr_type != low.val[0].addr_type) {
++ if(high.len != 1 || high.val[0].addr_type != low.val[0].addr_type) {
+ krb5_free_addresses(context, &low);
+ krb5_free_addresses(context, &high);
+ return -1;
+--- crypto/heimdal/lib/krb5/context.c.orig
++++ crypto/heimdal/lib/krb5/context.c
+@@ -97,7 +97,7 @@
+ krb5_error_code ret;
+ const char * tmp;
+ char **s;
+- krb5_enctype *tmptypes;
++ krb5_enctype *tmptypes = NULL;
+
+ INIT_FIELD(context, time, max_skew, 5 * 60, "clockskew");
+ INIT_FIELD(context, time, kdc_timeout, 3, "kdc_timeout");
+--- crypto/heimdal/lib/krb5/deprecated.c.orig
++++ crypto/heimdal/lib/krb5/deprecated.c
+@@ -325,15 +325,13 @@
+
+ ret = krb5_kt_get_entry (context, real_keytab, principal,
+ 0, enctype, &entry);
++ if (ret == 0) {
++ ret = krb5_copy_keyblock (context, &entry.keyblock, key);
++ krb5_kt_free_entry(context, &entry);
++ }
+
+ if (keytab == NULL)
+ krb5_kt_close (context, real_keytab);
+-
+- if (ret)
+- return ret;
+-
+- ret = krb5_copy_keyblock (context, &entry.keyblock, key);
+- krb5_kt_free_entry(context, &entry);
+ return ret;
+ }
+
+--- crypto/heimdal/lib/krb5/init_creds_pw.c.orig
++++ crypto/heimdal/lib/krb5/init_creds_pw.c
+@@ -1491,15 +1491,13 @@
+
+ ret = krb5_kt_get_entry (context, real_keytab, principal,
+ 0, enctype, &entry);
++ if (ret == 0) {
++ ret = krb5_copy_keyblock(context, &entry.keyblock, key);
++ krb5_kt_free_entry(context, &entry);
++ }
+
+ if (keytab == NULL)
+ krb5_kt_close (context, real_keytab);
+-
+- if (ret)
+- return ret;
+-
+- ret = krb5_copy_keyblock (context, &entry.keyblock, key);
+- krb5_kt_free_entry(context, &entry);
+ return ret;
+ }
+
+--- crypto/heimdal/lib/krb5/keytab.c.orig
++++ crypto/heimdal/lib/krb5/keytab.c
+@@ -348,10 +348,11 @@
+ krb5_enctype enctype,
+ krb5_keyblock **key)
+ {
+- krb5_keytab keytab;
++ krb5_keytab keytab = NULL; /* Quiet lint */
+ krb5_keytab_entry entry;
+ krb5_error_code ret;
+
++ memset(&entry, 0, sizeof(entry));
+ if (keyprocarg)
+ ret = krb5_kt_resolve (context, keyprocarg, &keytab);
+ else
+@@ -361,11 +362,11 @@
+ return ret;
+
+ ret = krb5_kt_get_entry (context, keytab, principal, vno, enctype, &entry);
++ if (ret == 0) {
++ ret = krb5_copy_keyblock (context, &entry.keyblock, key);
++ krb5_kt_free_entry(context, &entry);
++ }
+ krb5_kt_close (context, keytab);
+- if (ret)
+- return ret;
+- ret = krb5_copy_keyblock (context, &entry.keyblock, key);
+- krb5_kt_free_entry(context, &entry);
+ return ret;
+ }
+
+@@ -473,11 +474,13 @@
+ krb5_kt_close(krb5_context context,
+ krb5_keytab id)
+ {
+- krb5_error_code ret;
++ krb5_error_code ret = 0;
+
+- ret = (*id->close)(context, id);
+- memset(id, 0, sizeof(*id));
+- free(id);
++ if (id) {
++ ret = (id->close)(context, id);
++ memset(id, 0, sizeof(*id));
++ free(id);
++ }
+ return ret;
+ }
+
+@@ -620,6 +623,7 @@
+ if(id->get)
+ return (*id->get)(context, id, principal, kvno, enctype, entry);
+
++ memset(&tmp, 0, sizeof(tmp));
+ ret = krb5_kt_start_seq_get (context, id, &cursor);
+ if (ret) {
+ /* This is needed for krb5_verify_init_creds, but keep error
+@@ -674,21 +678,21 @@
+ krb5_error_code ret;
+
+ memset(out, 0, sizeof(*out));
+- out->vno = in->vno;
+
+ ret = krb5_copy_principal (context, in->principal, &out->principal);
+ if (ret)
+- goto fail;
++ return ret;
+ ret = krb5_copy_keyblock_contents (context,
+ &in->keyblock,
+ &out->keyblock);
+- if (ret)
+- goto fail;
++ if (ret) {
++ krb5_free_principal(context, out->principal);
++ memset(out, 0, sizeof(*out));
++ return ret;
++ }
++ out->vno = in->vno;
+ out->timestamp = in->timestamp;
+ return 0;
+-fail:
+- krb5_kt_free_entry (context, out);
+- return ret;
+ }
+
+ /**
+@@ -869,6 +873,7 @@
+ krb5_error_code ret;
+ char *name;
+
++ memset(&entry, 0, sizeof(entry));
+ ret = krb5_kt_start_seq_get(context, id, &cursor);
+ if (ret)
+ goto notfound;
+--- crypto/heimdal/lib/krb5/krb5.h.orig
++++ crypto/heimdal/lib/krb5/krb5.h
+@@ -914,3 +914,22 @@
+
+ #endif /* __KRB5_H__ */
+
++/* clang analyzer workarounds */
++
++#ifdef __clang_analyzer__
++/*
++ * The clang analyzer (lint) can't know that krb5_enomem() always returns
++ * non-zero, so code like:
++ *
++ * if ((x = malloc(...)) == NULL)
++ * ret = krb5_enomem(context)
++ * if (ret == 0)
++ * *x = ...;
++ *
++ * causes false positives.
++ *
++ * The fix is to make krb5_enomem() a macro that always evaluates to ENOMEM.
++ */
++#define krb5_enomem(c) (krb5_enomem(c), ENOMEM)
++#endif
++
+--- crypto/heimdal/lib/krb5/krb5_ccapi.h.orig
++++ crypto/heimdal/lib/krb5/krb5_ccapi.h
+@@ -38,7 +38,7 @@
+
+ #include
+
+- #ifdef __APPLE__
++#ifdef __APPLE__
+ #pragma pack(push,2)
+ #endif
+
+--- crypto/heimdal/lib/krb5/krbhst.c.orig
++++ crypto/heimdal/lib/krb5/krbhst.c
+@@ -96,6 +96,12 @@
+ if(rr->type == rk_ns_t_srv)
+ num_srv++;
+
++ if (num_srv == 0) {
++ _krb5_debug(context, 0,
++ "DNS SRV RR lookup domain nodata: %s", domain);
++ return KRB5_KDC_UNREACH;
++ }
++
+ *res = malloc(num_srv * sizeof(**res));
+ if(*res == NULL) {
+ rk_dns_free_data(r);
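Review bot: The new `num_srv == 0` early return leaves the DNS reply `r` allocated, whereas the `malloc` failure path just below calls `rk_dns_free_data(r)` before returning. Add `rk_dns_free_data(r);` ahead of `return KRB5_KDC_UNREACH;` so repeated lookups that return no SRV records do not accumulate memory. The function begins above the hunk, so any other resource acquired before this point should be checked in the same way.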
+--- crypto/heimdal/lib/krb5/pac.c.orig
++++ crypto/heimdal/lib/krb5/pac.c
+@@ -112,6 +112,56 @@
+ }
+
+
++static krb5_error_code pac_header_size(krb5_context context,
++ uint32_t num_buffers,
++ uint32_t *result)
++{
++ krb5_error_code ret;
++ uint32_t header_size;
++
++ /* Guard against integer overflow on 32-bit systems. */
++ if (num_buffers > 1000) {
++ ret = EINVAL;
++ krb5_set_error_message(context, ret, "PAC has too many buffers");
++ return ret;
++ }
++ header_size = PAC_INFO_BUFFER_SIZE * num_buffers;
++
++ /* Guard against integer overflow on 32-bit systems. */
++ if (header_size > UINT32_MAX - PACTYPE_SIZE) {
++ ret = EINVAL;
++ krb5_set_error_message(context, ret, "PAC has too many buffers");
++ return ret;
++ }
++ header_size += PACTYPE_SIZE;
++
++ *result = header_size;
++
++ return 0;
++}
++
++static krb5_error_code pac_aligned_size(krb5_context context,
++ uint32_t size,
++ uint32_t *aligned_size)
++{
++ krb5_error_code ret;
++
++ /* Guard against integer overflow on 32-bit systems. */
++ if (size > UINT32_MAX - (PAC_ALIGNMENT - 1)) {
++ ret = EINVAL;
++ krb5_set_error_message(context, ret, "integer overrun");
++ return ret;
++ }
++ size += PAC_ALIGNMENT - 1;
++
++ /* align to PAC_ALIGNMENT */
++ size = (size / PAC_ALIGNMENT) * PAC_ALIGNMENT;
++
++ *aligned_size = size;
++
++ return 0;
++}
++
+ /*
+ *
+ */
+@@ -153,8 +203,12 @@
+ goto out;
+ }
+
+- p->pac = calloc(1,
+- sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (tmp - 1)));
++ ret = pac_header_size(context, tmp, &header_end);
++ if (ret) {
++ return ret;
++ }
++
++ p->pac = calloc(1, header_end);
+ if (p->pac == NULL) {
+ ret = krb5_enomem(context);
+ goto out;
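Review bot: The `pac_header_size()` failure path uses a bare `return ret;` while the error paths immediately before and after it in this hunk use `goto out;`. If `out:` releases the PAC object and storage set up earlier in the function (the label is outside the hunk, so this is inferred), the direct return leaks them whenever a PAC declares too many buffers. Use `if (ret) goto out;` here.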
+@@ -163,7 +217,6 @@
+ p->pac->numbuffers = tmp;
+ p->pac->version = tmp2;
+
+- header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
+ if (header_end > len) {
+ ret = EINVAL;
+ goto out;
+@@ -292,37 +345,65 @@
+ {
+ krb5_error_code ret;
+ void *ptr;
+- size_t len, offset, header_end, old_end;
++ uint32_t unaligned_len, num_buffers, len, offset, header_end, old_end;
+ uint32_t i;
+
+- len = p->pac->numbuffers;
++ if (data->length > UINT32_MAX) {
++ ret = EINVAL;
++ krb5_set_error_message(context, ret, "integer overrun");
++ return ret;
++ }
++
++ num_buffers = p->pac->numbuffers;
++
++ if (num_buffers >= UINT32_MAX) {
++ ret = EINVAL;
++ krb5_set_error_message(context, ret, "integer overrun");
++ return ret;
++ }
++ ret = pac_header_size(context, num_buffers + 1, &header_end);
++ if (ret) {
++ return ret;
++ }
+
+- ptr = realloc(p->pac,
+- sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len));
++ ptr = realloc(p->pac, header_end);
+ if (ptr == NULL)
+ return krb5_enomem(context);
+
+ p->pac = ptr;
+
+- for (i = 0; i < len; i++)
++ for (i = 0; i < num_buffers; i++) {
++ if (p->pac->buffers[i].offset_lo > UINT32_MAX - PAC_INFO_BUFFER_SIZE) {
++ ret = EINVAL;
++ krb5_set_error_message(context, ret, "integer overrun");
++ return ret;
++ }
++
+ p->pac->buffers[i].offset_lo += PAC_INFO_BUFFER_SIZE;
++ }
+
++ if (p->data.length > UINT32_MAX - PAC_INFO_BUFFER_SIZE) {
++ ret = EINVAL;
++ krb5_set_error_message(context, ret, "integer overrun");
++ return ret;
++ }
+ offset = p->data.length + PAC_INFO_BUFFER_SIZE;
+
+- p->pac->buffers[len].type = type;
+- p->pac->buffers[len].buffersize = data->length;
+- p->pac->buffers[len].offset_lo = offset;
+- p->pac->buffers[len].offset_hi = 0;
++ p->pac->buffers[num_buffers].type = type;
++ p->pac->buffers[num_buffers].buffersize = data->length;
++ p->pac->buffers[num_buffers].offset_lo = offset;
++ p->pac->buffers[num_buffers].offset_hi = 0;
+
+ old_end = p->data.length;
+- len = p->data.length + data->length + PAC_INFO_BUFFER_SIZE;
+- if (len < p->data.length) {
++ if (offset > UINT32_MAX - data->length) {
+ krb5_set_error_message(context, EINVAL, "integer overrun");
+ return EINVAL;
+ }
++ unaligned_len = offset + data->length;
+
+- /* align to PAC_ALIGNMENT */
+- len = ((len + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT;
++ ret = pac_aligned_size(context, unaligned_len, &len);
++ if (ret)
++ return ret;
+
+ ret = krb5_data_realloc(&p->data, len);
+ if (ret) {
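Review bot: The offset loop bumps `offset_lo` in place and returns as soon as one entry would overflow, which can leave the buffer table partly shifted. The range checks that follow it (`p->data.length`, `offset > UINT32_MAX - data->length`, `pac_aligned_size()`) return only after every entry has been shifted. A rejected call therefore leaves the offsets moved by `PAC_INFO_BUFFER_SIZE` while `p->data` and `numbuffers` are unchanged. Run all range checks first and modify the table only once they pass, so that a failure leaves `p` consistent. The function continues past the end of the hunk, and the `krb5_data_realloc()` failure path there deserves the same look.

```c
/* … unchanged: data->length and num_buffers checks, pac_header_size(), realloc of p->pac … */

/* Validate every value first so that a failure leaves p untouched. */
for (i = 0; i < num_buffers; i++) {
    if (p->pac->buffers[i].offset_lo > UINT32_MAX - PAC_INFO_BUFFER_SIZE) {
        ret = EINVAL;
        krb5_set_error_message(context, ret, "integer overrun");
        return ret;
    }
}
if (p->data.length > UINT32_MAX - PAC_INFO_BUFFER_SIZE) {
    ret = EINVAL;
    krb5_set_error_message(context, ret, "integer overrun");
    return ret;
}
offset = p->data.length + PAC_INFO_BUFFER_SIZE;
if (offset > UINT32_MAX - data->length) {
    krb5_set_error_message(context, EINVAL, "integer overrun");
    return EINVAL;
}
unaligned_len = offset + data->length;
ret = pac_aligned_size(context, unaligned_len, &len);
if (ret)
    return ret;

/* All checks passed: now shift the existing entries. */
for (i = 0; i < num_buffers; i++)
    p->pac->buffers[i].offset_lo += PAC_INFO_BUFFER_SIZE;

/* … unchanged: fill buffers[num_buffers], old_end, krb5_data_realloc() … */
```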
+@@ -333,7 +414,7 @@
+ /*
+ * make place for new PAC INFO BUFFER header
+ */
+- header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
++ header_end -= PAC_INFO_BUFFER_SIZE;
+ memmove((unsigned char *)p->data.data + header_end + PAC_INFO_BUFFER_SIZE,
+ (unsigned char *)p->data.data + header_end ,
+ old_end - header_end);
+@@ -346,7 +427,7 @@
+ memcpy((unsigned char *)p->data.data + offset,
+ data->data, data->length);
+ memset((unsigned char *)p->data.data + offset + data->length,
+- 0, p->data.length - offset - data->length);
++ 0, p->data.length - unaligned_len);
+
+ p->pac->numbuffers += 1;
+
+@@ -375,8 +456,8 @@
+ uint32_t i;
+
+ for (i = 0; i < p->pac->numbuffers; i++) {
+- const size_t len = p->pac->buffers[i].buffersize;
+- const size_t offset = p->pac->buffers[i].offset_lo;
++ const uint32_t len = p->pac->buffers[i].buffersize;
++ const uint32_t offset = p->pac->buffers[i].offset_lo;
+
+ if (p->pac->buffers[i].type != type)
+ continue;
+@@ -963,8 +1044,8 @@
+ size_t server_size, priv_size;
+ uint32_t server_offset = 0, priv_offset = 0;
+ uint32_t server_cksumtype = 0, priv_cksumtype = 0;
+- int num = 0;
+- size_t i;
++ uint32_t num = 0;
++ uint32_t i;
+ krb5_data logon, d;
+
+ krb5_data_zero(&logon);
+@@ -978,8 +1059,18 @@
+
+ if (num) {
+ void *ptr;
+-
+- ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (p->pac->numbuffers + num - 1)));
++ uint32_t len;
++
++ if (p->pac->numbuffers > UINT32_MAX - num) {
++ ret = EINVAL;
++ krb5_set_error_message(context, ret, "integer overrun");
++ goto out;
++ }
++ ret = pac_header_size(context, p->pac->numbuffers + num, &len);
++ if (ret)
++ goto out;
++
++ ptr = realloc(p->pac, len);
+ if (ptr == NULL)
+ return krb5_enomem(context);
+
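Review bot: The `realloc` size now comes from `pac_header_size()`, where the removed line derived it from `sizeof(*p->pac)` and `sizeof(p->pac->buffers[0])`, so the allocation is only large enough if the in-memory structs have exactly the on-wire sizes. The helper's body is outside this hunk, but a later hunk uses it in place of `PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers)`, which suggests it returns the wire size. I would record that assumption next to the call, e.g. `/* relies on sizeof(p->pac->buffers[0]) == PAC_INFO_BUFFER_SIZE */`, or enforce it with a compile-time assertion. Separately, the unchanged `return krb5_enomem(context);` after `realloc` bypasses the `out` label that the added checks use; `ret = krb5_enomem(context); goto out;` would keep a single exit path. The enclosing function starts and ends outside the hunk.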
+@@ -1032,7 +1123,9 @@
+ CHECK(ret, krb5_store_uint32(sp, p->pac->numbuffers), out);
+ CHECK(ret, krb5_store_uint32(sp, p->pac->version), out);
+
+- end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
++ ret = pac_header_size(context, p->pac->numbuffers, &end);
++ if (ret)
++ goto out;
+
+ for (i = 0; i < p->pac->numbuffers; i++) {
+ uint32_t len;
+@@ -1042,11 +1135,31 @@
+ /* store data */
+
+ if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
++ if (server_size > UINT32_MAX - 4) {
++ ret = EINVAL;
++ krb5_set_error_message(context, ret, "integer overrun");
++ goto out;
++ }
++ if (end > UINT32_MAX - 4) {
++ ret = EINVAL;
++ krb5_set_error_message(context, ret, "integer overrun");
++ goto out;
++ }
+ len = server_size + 4;
+ server_offset = end + 4;
+ CHECK(ret, krb5_store_uint32(spdata, server_cksumtype), out);
+ CHECK(ret, fill_zeros(context, spdata, server_size), out);
+ } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
++ if (priv_size > UINT32_MAX - 4) {
++ ret = EINVAL;
++ krb5_set_error_message(context, ret, "integer overrun");
++ goto out;
++ }
++ if (end > UINT32_MAX - 4) {
++ ret = EINVAL;
++ krb5_set_error_message(context, ret, "integer overrun");
++ goto out;
++ }
+ len = priv_size + 4;
+ priv_offset = end + 4;
+ CHECK(ret, krb5_store_uint32(spdata, priv_cksumtype), out);
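Review bot: Each checksum branch now carries two guard blocks that differ only in the variable tested, which leaves four copies of the same error path in this hunk. Folding each pair into one condition keeps the behaviour and halves the added code: `if (server_size > UINT32_MAX - 4 || end > UINT32_MAX - 4) {`, and the same with `priv_size` in the second branch. The guards matter because `server_size` and `priv_size` are declared `size_t` in an earlier hunk while `len` and the offsets are `uint32_t`, so a short comment saying so would help the next reader. The `else if` branch continues past the end of the hunk.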
+@@ -1077,11 +1190,20 @@
+
+ /* advance data endpointer and align */
+ {
+- int32_t e;
++ uint32_t e;
+
++ if (end > UINT32_MAX - len) {
++ ret = EINVAL;
++ krb5_set_error_message(context, ret, "integer overrun");
++ goto out;
++ }
+ end += len;
+- e = ((end + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT;
+- if ((int32_t)end != e) {
++
++ ret = pac_aligned_size(context, end, &e);
++ if (ret)
++ goto out;
++
++ if (end != e) {
+ CHECK(ret, fill_zeros(context, spdata, e - end), out);
+ }
+ end = e;
+--- crypto/heimdal/lib/krb5/rd_req.c.orig
++++ crypto/heimdal/lib/krb5/rd_req.c
+@@ -802,11 +802,10 @@
+ kvno,
+ ap_req->ticket.enc_part.etype,
+ &entry);
+- if(ret)
+- goto out;
+- ret = krb5_copy_keyblock(context, &entry.keyblock, out_key);
+- krb5_kt_free_entry (context, &entry);
+-out:
++ if(ret == 0) {
++ ret = krb5_copy_keyblock(context, &entry.keyblock, out_key);
++ krb5_kt_free_entry(context, &entry);
++ }
+ if(keytab == NULL)
+ krb5_kt_close(context, real_keytab);
+
+--- crypto/heimdal/lib/krb5/test_store.c.orig
++++ crypto/heimdal/lib/krb5/test_store.c
+@@ -64,7 +64,7 @@
+ krb5_error_code ret;
+ int i;
+ int16_t val[] = {
+- 0, 1, -1, 32768, -32767
++ 0, 1, -1, 32767, -32768
+ }, v;
+
+ krb5_storage_truncate(sp, 0);
+--- crypto/heimdal/lib/krb5/transited.c.orig
++++ crypto/heimdal/lib/krb5/transited.c
+@@ -281,6 +281,7 @@
+ r = make_realm(tmp);
+ if(r == NULL){
+ free_realms(*realms);
++ *realms = NULL;
+ return krb5_enomem(context);
+ }
+ *realms = append_realm(*realms, r);
+@@ -289,7 +290,8 @@
+ }
+ tmp = malloc(tr + i - start + 1);
+ if(tmp == NULL){
+- free(*realms);
++ free_realms(*realms);
++ *realms = NULL;
+ return krb5_enomem(context);
+ }
+ memcpy(tmp, start, tr + i - start);
+@@ -297,6 +299,7 @@
+ r = make_realm(tmp);
+ if(r == NULL){
+ free_realms(*realms);
++ *realms = NULL;
+ return krb5_enomem(context);
+ }
+ *realms = append_realm(*realms, r);
+--- crypto/heimdal/lib/roken/getaddrinfo.c.orig
++++ crypto/heimdal/lib/roken/getaddrinfo.c
+@@ -188,7 +188,7 @@
+ struct addrinfo *first = NULL;
+ struct addrinfo **current = &first;
+ int family = PF_UNSPEC;
+- int ret;
++ int ret = 0;
+
+ if (hints != NULL)
+ family = hints->ai_family;
+@@ -209,6 +209,8 @@
+ if (family == PF_INET6 || family == PF_UNSPEC) {
+ ret = add_one (port, protocol, socktype,
+ ¤t, const_v6, &v6_addr, NULL);
++ if (ret)
++ return ret;
+ }
+ #endif
+ if (family == PF_INET || family == PF_UNSPEC) {
+@@ -216,7 +218,7 @@
+ ¤t, const_v4, &v4_addr, NULL);
+ }
+ *res = first;
+- return 0;
++ return ret;
+ }
+
+ static int
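Review bot: On a failure of the last call (its opening line is outside the hunk, presumably `ret = add_one (...)` for IPv4), the function still stores `first` in `*res` and then returns the error. Any entry already linked by the IPv6 branch is therefore handed back together with a failure code. Callers of getaddrinfo-style functions normally do not free the result on error, so this may leak; whether this caller does is not visible here. Releasing the list before the assignment would remove the dependency on the caller, e.g. `if (ret) { freeaddrinfo(first); return ret; }`, assuming `add_one` leaves the list consistent when it fails. The early `return ret;` added in the previous hunk leaves `*res` unassigned, and the function starts outside both hunks.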
+--- crypto/heimdal/lib/wind/idn-lookup.c.orig
++++ crypto/heimdal/lib/wind/idn-lookup.c
+@@ -156,7 +156,9 @@
+ if (argc == 0)
+ usage(1);
+
+- for (i = 0; i < argc; ++i)
+- lookup(argv[i]);
++ for (i = 0; i < argc; ++i) {
++ if (argv[i][0]) /* Quiet lint */
++ lookup(argv[i]);
++ }
+ return 0;
+ }
+--- crypto/heimdal/lib/wind/normalize.c.orig
++++ crypto/heimdal/lib/wind/normalize.c
+@@ -227,9 +227,9 @@
+ unsigned i;
+
+ if (n % 5 == 0) {
+- cur = *in++;
+ if (in_len-- == 0)
+ return c->val;
++ cur = *in++;
+ }
+
+ i = cur >> 16;
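Review bot: Nothing in the code records that the new order of the length test and the read is deliberate, although that order is what keeps `*in` from being read once `in_len` has reached zero. A one-line comment above the check would protect it from a later tidy-up: `/* check in_len before reading *in so an exhausted input is never dereferenced */`. The function starts and ends outside the hunk.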
+--
diff --git a/website/static/security/patches/SA-22:14/heimdal.patch.asc b/website/static/security/patches/SA-22:14/heimdal.patch.asc
new file mode 100644
index 0000000000..6a52815c7b
--- /dev/null
+++ b/website/static/security/patches/SA-22:14/heimdal.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmN0UegACgkQ05eS9J6n
+5cJ4Hw/9EfLIPmMJXJOuvis32b0mo2vauTz+cU/e9HSM3++5HzPT5M/KIbevpMVh
+qM/LRZdFasazQ3qxwEcv/MZqOmA/X03ONQHAndhElEEPBZ+uohgZBZUuDFKYAOAS
+a3SW2Qk+EjD0zg01HKZEtQqodlozu1auDBVPfKVNdqlGDOB3SmAc1p6pDuMVzize
+tXPkAdV1t2E9wz/9pLYW3XnBb753RcFpaAQxemNpvorlmdAPzdQIvvsdtbTRUzHw
+rgeG6jfZadBZWYJunosZtT8Kv86PJwrUahHKKCYiFSORL1S3a0bTKEXKfNRrkWdy
+AaevyvAKuCQIGISCKOosGF+CenJKfQjRRiFrah2sFdasOX49M2qXV8Df8YbIweHg
+YkgeBXWBHE+sdIzZZa0PLdq8oaktHp799kkWejZe0PFCdCdacgKPryipEDl884L1
+2KZMX3hY2FggAlvGpCbA8XLONEnTBlJPWs63sMUDWDipnbC9Zgp+6RBpVgXc7I1W
+tFcIj5imdRvprGrZPxYpTZSoeqxsmcoKIB4Rjx1qp3b452sBlOmxerl/norV5qgz
+Z3z47s55hsmpERUJ6u16j05L+JsJdGBFvYLUxXnXAuKvMHrf5tnliUKCICcr83PS
+qoZvQeQS+R184ZdvtB1ZeIZfLJ3O0aiMM3AwSjMFt11v2nM/55U=
+=4yiu
+-----END PGP SIGNATURE-----