From d5c901bd7f5403c833fc1b1e3b3f7bd99d9a0cd6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Mon, 6 Feb 2006 16:03:06 +0000 Subject: [PATCH] 0.7.2 and 0.6.6 git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16723 ec53bebd-3082-4978-b11e-865c3cabbd6b --- NEWS | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/NEWS b/NEWS index 2cafaae02..29a4d1f6b 100644 --- a/NEWS +++ b/NEWS @@ -13,6 +13,28 @@ Changes in release 0.8 * Bug fixes +Changes in release 0.7.2 + +* Fix security problem in rshd that enable an attacker to overwrite + and change ownership of any file that root could write. + +* Fix a DOS in telnetd. The attacker could force the server to crash + in a NULL de-reference before the user logged in, resulting in inetd + turning telnetd off because it forked too fast. + +* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name + exists in the keytab before returning success. This allows servers + to check if its even possible to use GSSAPI. + +* Fix receiving end of token delegation for GSS-API. It still wrongly + uses subkey for sending for compatibility reasons, this will change + in 0.8. + +* telnetd, login and rshd are now more verbose in logging failed and + successful logins. + +* Bug fixes + Changes in release 0.7.1 * Bug fixes @@ -31,6 +53,15 @@ Changes in release 0.7 * Bug fixes +Changes in release 0.6.6 + +* Fix security problem in rshd that enable an attacker to overwrite + and change ownership of any file that root could write. + +* Fix a DOS in telnetd. The attacker could force the server to crash + in a NULL de-reference before the user logged in, resulting in inetd + turning telnetd off because it forked too fast. + Changes in release 0.6.5 * fix vulnerabilities in telnetd
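Review bot: In the 0.7.2 block (hunk @@ -13,6 +13,28 @@), the rshd entry does not say whether the attacker has to be authenticated, while the telnetd entry directly below it states that the crash happens "before the user logged in". Please state the precondition for rshd as well, so administrators can judge their exposure from NEWS alone. The two security entries also sit in the same list as the gss_acquire_cred and delegation behaviour changes with nothing marking them as security fixes; a "Security:" prefix on those two bullets would make them easier to find. Minor wording: "that enable an attacker" should read "that enables an attacker", and "check if its even possible" should read "check if it's even possible".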
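Review bot: The 0.6.6 block (hunk @@ -31,6 +53,15 @@) repeats the rshd and telnetd entries from 0.7.2 word for word but leaves out the entry that telnetd, login and rshd are "more verbose in logging failed and successful logins". If 0.6.6 carries that logging change, add the bullet here too; if it does not, a short line saying so would tell sites staying on 0.6.x that they get the fixes without the extra login logging. The copied rshd entry has the same "that enable an attacker" wording as the 0.7.2 block and should be corrected in both places together.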