From: Russ Allbery <rra@debian.org>
Date: Mon, 22 Jul 2013 22:50:37 +0000 (-0700)
Subject: Add changelog entry for upstream security patches
X-Git-Tag: debian/1.4.12.1+dfsg-4+squeeze2~6
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=01bad3680fdf31658f9a2104206fe689afc210da;p=packages%2Fo%2Fopenafs.git

Add changelog entry for upstream security patches
---

diff --git a/debian/changelog b/debian/changelog
index e355e74a1..ac626dc90 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
+openafs (1.4.12.1+dfsg-4+squeeze2) UNRELEASED; urgency=high
+
+  * Apply upstream security patches:
+    - OPENAFS-SA-2013-003: New support for non-DES enctypes in the
+      long-lived AFS key.  This requires deploying rxkad.keytab files on
+      each server containing all of the encryption types for the cell AFS
+      key.  Once this is deployed on servers, DES will only be used for
+      the session key.  Once deployed on all clients, a stronger security
+      mechanism will be used that allows the DES keys to be removed from
+      the AFS principal in the Kerberos KDC (but still uses DES for some
+      session encryption purposes).  (CVE-2013-4134)
+    - OPENAFS-SA-2013-004: Properly support the -encrypt option in vos,
+      including with -localauth.  (CVE-2013-4135)
+
+ -- Russ Allbery <rra@debian.org>  Mon, 22 Jul 2013 15:27:04 -0700
+
 openafs (1.4.12.1+dfsg-4+squeeze1) stable-security; urgency=high
 
   * Apply upstream security patches: