[SRM] krb5 changelog missing CVE
Florian Weimer noticed that the krb5 changelog in squeeze was missing a
CVE that was fixed in the patch applied.
He proposes to make a new upload that corrects the changelog so that
people who track security issues from the changelog will find the fix:
I have updated the changelog to this:
| krb5 (1.8.3+dfsg-4squeeze5) squeeze-security; urgency=high
| * CVE-2011-1529: null pointer dereference in KDC LDAP back end,
| Closes: #629558
| * CVE-2011-1528: assertion failure in multiple KDC back ends
| regarding account lockout
| -- Sam Hartman <email@example.com> Wed, 19 Oct 2011 11:55:43 -0400
(squeeze3 and squeeze4 were internal versions while he was trying to get
the text right)
Would it make sense to upload this?