openafs (1.4.7.dfsg1-6+lenny3) stable-security; urgency=high
- * Apply upstream security fix:
- - [707a959c] update ticket5 from heimdal
+ * Apply upstream security fixes:
+ - [707a959c] update ticket5 from heimdal. Avoids a double-free (from
+ upstream) which basically allows an arbitrary attack against any
+ krb5-aware Rx service by exploiting when the double-free occurs in
+ asn1 payloads which came from the wire.
+ - [beaf1606] LINUX: Use correct type of error in flock code. This
+ avoids dereferencing a pointer that is not a pointer due to failing
+ to properly ERR_PTR a return value.
-- Russ Allbery <rra@debian.org> Wed, 29 Dec 2010 10:34:16 -0800
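Review bot: In the [707a959c] bullet, "basically allows an arbitrary attack against any krb5-aware Rx service" does not tell an administrator what the impact actually is. State the consequence of the double-free in the terms upstream uses, say whether the sender of the asn1 payload needs to be authenticated, and cite the upstream advisory or CVE identifier if one was assigned so the entry can be matched against the security tracker. In the [beaf1606] bullet, "a pointer that is not a pointer" would read more clearly as an error value returned without ERR_PTR and then dereferenced as a pointer. The trailer line is unchanged context, so confirm its date still reflects the upload now that the entry lists a second fix.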