Updates for krb5-1.10.6krb5-1.10.6-final

2 files changed, 25 insertions, 3 deletions

diff --git a/README b/README
index 0e03bc9..07efb5d 100644
--- a/README
+++ b/README
@@ -70,6 +70,27 @@ from using single-DES cryptosystems.  Among these is a configuration
 variable that enables "weak" enctypes, which defaults to "false"
 beginning with krb5-1.8.
 
+Major changes in krb5-1.10.6 (2013-06-05)
+-----------------------------------------
+
+This is a bugfix release.  The krb5-1.10 release series is in
+maintenance, and for new deployments, installers should prefer the
+krb5-1.11 release series or later.
+
+* Fix a UDP ping-pong vulnerability in the kpasswd (password changing)
+  service.  [CVE-2002-2443]
+
+* Improve interoperability with some Windows native PKINIT clients.
+
+krb5-1.10.6 changes by ticket ID
+--------------------------------
+
+7638    Fix kpasswd UDP ping-pong [CVE-2002-2443]
+7649    Fix transited handling for GSSAPI acceptors
+7658    Ignore missing Q in dh_params
+7659    allow dh_min_bits >= 1024
+7660    Set msg_type when decoding FAST requests
+
 Major changes in krb5-1.10.5 (2013-04-17)
 -----------------------------------------
 
@@ -606,6 +627,7 @@ reports, suggestions, and valuable resources:
     Joel Johnson
     W. Trevor King
     Mikkel Kruse
+    Reinhard Kugler
     Volker Lendecke
     Jan iankko Lieskovsky
     Oliver Loch
diff --git a/src/patchlevel.h b/src/patchlevel.h
index 34d834e..317a575 100644
--- a/src/patchlevel.h
+++ b/src/patchlevel.h
@@ -51,7 +51,7 @@
  */
 #define KRB5_MAJOR_RELEASE 1
 #define KRB5_MINOR_RELEASE 10
-#define KRB5_PATCHLEVEL 5
-#define KRB5_RELTAIL "postrelease"
+#define KRB5_PATCHLEVEL 6
+/* #undef KRB5_RELTAIL */
 /* #undef KRB5_RELDATE */
-#define KRB5_RELTAG "krb5-1.10"
+#define KRB5_RELTAG "krb5-1.10.6-final"