It was noticed during the Heimdal 8.0 upgrade that there was a use-after-free due to talloc_steal() rather than talloc_strdup of PAC elements in the Samba authorization code.
*** This bug has been marked as a duplicate of bug 14993 ***