From: Russ Allbery Date: Fri, 7 Jan 2011 04:16:53 +0000 (-0800) Subject: Flesh out changelog for the security fixes X-Git-Tag: debian/1.4.12.1+dfsg-4~2 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=13564c50bd721939ee21a794f56c8f379d4af7c9;p=packages%2Fo%2Fopenafs.git Flesh out changelog for the security fixes --- diff --git a/debian/changelog b/debian/changelog index ebebf21a2..0b2538012 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,13 @@ openafs (1.4.12.1+dfsg-4) UNRELEASED; urgency=low * Apply upstream deltas: - - [707a959c] update ticket5 from heimdal - - [beaf1606] LINUX: Use correct type of error in flock code + - [707a959c] update ticket5 from heimdal. Avoids a double-free (from + upstream) which basically allows an arbitrary attack against any + krb5-aware Rx service by exploiting when the double-free occurs in + asn1 payloads which came from the wire. + - [beaf1606] LINUX: Use correct type of error in flock code. This + avoids dereferencing a pointer that is not a pointer due to failing + to properly ERR_PTR a return value. * Add a dependency on libc6-dev to openafs-modules-dkms. dkms doesn't depend on it because most kernel modules don't need it, but openafs builds userspace helper programs. Thanks, Peter Palfrader.
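Review bot: The header context line still reads "urgency=low" while the two expanded bullets in this hunk now describe security fixes, one of them a double-free triggered by asn1 payloads "which came from the wire" against any krb5-aware Rx service; consider raising the urgency before the entry leaves UNRELEASED so the upload is prioritised to match. In the [707a959c] bullet, "basically allows an arbitrary attack" does not state the impact; naming the consequence that upstream documents, and citing the upstream advisory identifier if one exists, would make the entry usable for triage. In the [beaf1606] bullet, "dereferencing a pointer that is not a pointer" would read more clearly as dereferencing an error value that was returned without being passed through ERR_PTR.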