- add patch to correct unauthorized access via krb5-aware telnet daemon

(#229782, CVE-2007-0956)
- add patch to fix buffer overflow in krb5kdc and kadmind (#231528,
    CVE-2007-0957)
- add patch to fix double-free in kadmind (#231537, CVE-2007-1216)

krb5.spec

@@ -15,7 +15,7 @@
 Summary: The Kerberos network authentication system.
 Name: krb5
 Version: 1.6
-Release: 2
+Release: 3
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.5/krb5-1.5-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -76,6 +76,9 @@ Patch44: krb5-1.4.3-enospc.patch
 Patch45: krb5-1.5-gssinit.patch
 Patch46: krb5-1.6-fix-sendto_kdc-memset.dif
 Patch47: krb5-1.6-sort-of-static.patch
+Patch48: krb5-1.6-CVE-2007-0956-prelim.patch
+Patch49: krb5-1.6-CVE-2007-0957-prelim.patch
+Patch50: krb5-1.6-CVE-2007-1216-prelim.patch
 
 License: MIT, freely distributable.
 URL: http://web.mit.edu/kerberos/www/
@@ -190,6 +193,13 @@ installed on systems which are meant provide these services.
 %endif
 
 %changelog
+* Tue Apr  3 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6-3
+- add patch to correct unauthorized access via krb5-aware telnet
+  daemon (#229782, CVE-2007-0956)
+- add patch to fix buffer overflow in krb5kdc and kadmind
+  (#231528, CVE-2007-0957)
+- add patch to fix double-free in kadmind (#231537, CVE-2007-1216)
+
 * Thu Mar 22 2007 Nalin Dahyabhai <nalin@redhat.com>
 - back out buildrequires: keyutils-libs-devel for now
 
@@ -1074,6 +1084,9 @@ installed on systems which are meant provide these services.
 %if %{build_static}
 %patch47 -p1 -b .sort-of-static
 %endif
+%patch48 -p0 -b .CVE-2007-0956
+%patch49 -p0 -b .CVE-2007-0957
+%patch50 -p0 -b .CVE-2007-1216
 cp src/krb524/README README.krb524
 gzip doc/*.ps