Hi. Florian Weimer noticed that the krb5 changelog in squeeze was missing a CVE that was fixed in the patch applied. He proposes to make a new upload that corrects the changelog so that people who track security issues from the changelog will find the fix:
I have updated the changelog to this: | krb5 (1.8.3+dfsg-4squeeze5) squeeze-security; urgency=high | | * CVE-2011-1529: null pointer dereference in KDC LDAP back end, | Closes: #629558 | * CVE-2011-1528: assertion failure in multiple KDC back ends | regarding account lockout | | -- Sam Hartman <[email protected]> Wed, 19 Oct 2011 11:55:43 -0400 (squeeze3 and squeeze4 were internal versions while he was trying to get the text right) Would it make sense to upload this? -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
