{"old": "/home/jenkins/agent/workspace/multiarch/src-openeuler/aarch64/krb5/old_rpms/", "new": "/home/jenkins/agent/workspace/multiarch/src-openeuler/aarch64/krb5/new_rpms/", "compare_result": "pass", "compare_details": {"same": {"same_details": {"old": ["krb5-libs-1.21.2-18.oe2403sp3.aarch64.rpm", "krb5-devel-1.21.2-18.oe2403sp3.aarch64.rpm", "krb5-client-1.21.2-18.oe2403sp3.aarch64.rpm", "krb5-1.21.2-18.oe2403sp3.aarch64.rpm", "krb5-server-1.21.2-18.oe2403sp3.aarch64.rpm"], "new": ["krb5-libs-1.21.2-21.oe2403sp3.aarch64.rpm", "krb5-devel-1.21.2-21.oe2403sp3.aarch64.rpm", "krb5-client-1.21.2-21.oe2403sp3.aarch64.rpm", "krb5-1.21.2-21.oe2403sp3.aarch64.rpm", "krb5-server-1.21.2-21.oe2403sp3.aarch64.rpm"]}, "same_num": 5}, "diff": {"diff_details": {"krb5-libs": {"name": {"old": "krb5-libs-1.21.2-18.oe2403sp3.aarch64.rpm", "new": "krb5-libs-1.21.2-21.oe2403sp3.aarch64.rpm"}, "RPM Level": "level1", "rpm requires": {}, "rpm provides": {}, "rpm files": {}, "rpm config": {}, "rpm abi": {}, "rpm lib": {}, "rpm symbol": {}}, "krb5-devel": {"name": {"old": "krb5-devel-1.21.2-18.oe2403sp3.aarch64.rpm", "new": "krb5-devel-1.21.2-21.oe2403sp3.aarch64.rpm"}, "RPM Level": "level4", "rpm requires": {}, "rpm provides": {}, "rpm files": {}, "rpm header": {}, "rpm cmd": {}, "rpm symbol": {}}, "krb5-client": {"name": {"old": "krb5-client-1.21.2-18.oe2403sp3.aarch64.rpm", "new": "krb5-client-1.21.2-21.oe2403sp3.aarch64.rpm"}, "RPM Level": "level4", "rpm requires": {}, "rpm provides": {}, "rpm files": {}, "rpm cmd": {}, "rpm symbol": {}}, "krb5": {"name": {"old": "krb5-1.21.2-18.oe2403sp3.aarch64.rpm", "new": "krb5-1.21.2-21.oe2403sp3.aarch64.rpm"}, "RPM Level": "level1", "rpm requires": {}, "rpm provides": {}, "rpm files": {}, "rpm abi": {}, "rpm lib": {}, "rpm symbol": {}}, "krb5-server": {"name": {"old": "krb5-server-1.21.2-18.oe2403sp3.aarch64.rpm", "new": "krb5-server-1.21.2-21.oe2403sp3.aarch64.rpm"}, "RPM Level": "level1", "rpm requires": {}, "rpm provides": {}, "rpm files": {}, "rpm abi": {}, "rpm service": {}, "rpm cmd": {}, "rpm lib": {}, "rpm symbol": {}}}, "diff_num": 0}, "less": {"less_details": {}, "less_num": 0}, "more": {"more_details": {}, "more_num": 0}}, "pr_link": "https://gitcode.com/src-openeuler/krb5/pull/289", "pr_changelog": "* Tue Jun 16 2026 lizhengde <lizhengde@xfusion.com> - 1.21.2-21\n- Type:CVE\n- CVE:CVE-2026-11850\n- SUG:NA\n- DESC:Prevent read overrun in libkdb_ldap. In the LDAP KDB\n- backend, the function berval2tl_data() in\n- src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c computes\n- tl_data_length as in->bv_len - 2. If a caller supplies a\n- berval whose bv_len is less than 2 bytes, the subtraction\n- underflows and the subsequent malloc() and copy read past the\n- end of the input buffer (read overrun). Reject inputs with\n- bv_len < 2 by returning EINVAL before any allocation. The\n- security impact is limited because an attacker would have to\n- control the KDB LDAP server, but defensive coding requires\n- rejecting invalid inputs. Backport of upstream krb5 commit\n- 2a5fd83d4436583f2ddc0e193269a4d800ee45c4 to openEuler\n- 24.03-LTS-SP3 (krb5 1.21.2).\n"}