0.7.2 and 0.6.6

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16723 ec53bebd-3082-4978-b11e-865c3cabbd6b

NEWS

@@ -13,6 +13,28 @@ Changes in release 0.8
 
  * Bug fixes
 
+Changes in release 0.7.2
+
+* Fix security problem in rshd that enable an attacker to overwrite
+  and change ownership of any file that root could write.
+
+* Fix a DOS in telnetd. The attacker could force the server to crash
+  in a NULL de-reference before the user logged in, resulting in inetd
+  turning telnetd off because it forked too fast.
+
+* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name
+  exists in the keytab before returning success. This allows servers
+  to check if its even possible to use GSSAPI.
+
+* Fix receiving end of token delegation for GSS-API. It still wrongly
+  uses subkey for sending for compatibility reasons, this will change
+  in 0.8.
+
+* telnetd, login and rshd are now more verbose in logging failed and
+  successful logins.
+
+* Bug fixes
+
 Changes in release 0.7.1
 
 * Bug fixes
@@ -31,6 +53,15 @@ Changes in release 0.7
 
  * Bug fixes
 
+Changes in release 0.6.6
+
+* Fix security problem in rshd that enable an attacker to overwrite
+  and change ownership of any file that root could write.
+
+* Fix a DOS in telnetd. The attacker could force the server to crash
+  in a NULL de-reference before the user logged in, resulting in inetd
+  turning telnetd off because it forked too fast.
+
 Changes in release 0.6.5
 
  * fix vulnerabilities in telnetd