Bug 15134 CVE-2022-3437 [SECURITY] "Heimdal des/des3 overflow" was correctly backported in Samba, however the Heimdal issued patch for Heimdal 7.1 sadly inverted important memory comparisons in the arcfour-hmac-md5 / rc4-hmac integrity check handler. This was found by Helmut Grohne and notifications are being handled by Salvatore Bonaccorso of the Debian security team. The purpose of this bug is simply to record that a CVE recently issued to Samba but left unused is being used for this issue, and to point any concerned persons at when this is made public.