From 13564c50bd721939ee21a794f56c8f379d4af7c9 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Thu, 6 Jan 2011 20:16:53 -0800 Subject: [PATCH] Flesh out changelog for the security fixes --- debian/changelog | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index ebebf21a2..0b2538012 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,13 @@ openafs (1.4.12.1+dfsg-4) UNRELEASED; urgency=low * Apply upstream deltas: - - [707a959c] update ticket5 from heimdal - - [beaf1606] LINUX: Use correct type of error in flock code + - [707a959c] update ticket5 from heimdal. Avoids a double-free (from + upstream) which basically allows an arbitrary attack against any + krb5-aware Rx service by exploiting when the double-free occurs in + asn1 payloads which came from the wire. + - [beaf1606] LINUX: Use correct type of error in flock code. This + avoids dereferencing a pointer that is not a pointer due to failing + to properly ERR_PTR a return value. * Add a dependency on libc6-dev to openafs-modules-dkms. dkms doesn't depend on it because most kernel modules don't need it, but openafs builds userspace helper programs. Thanks, Peter Palfrader. -- 2.39.5
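Review bot: The header line still reads `urgency=low`, although the [707a959c] entry now describes a double-free triggered by asn1 payloads that come from the wire in any krb5-aware Rx service; consider raising the urgency so the upload is handled as a security fix. In the same entry, "basically allows an arbitrary attack" is vague: state the concrete impact upstream gives, and cite an advisory or CVE identifier if one exists. The "(from upstream)" parenthetical repeats the "Apply upstream deltas" heading and can be dropped. For [beaf1606], "dereferencing a pointer that is not a pointer" would read more clearly as dereferencing a return value that was not wrapped with ERR_PTR.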