debian-edu-config (2.11.11) unstable; urgency=high

    The Kerberos kadm ACLs in /etc/krb5kdc/kadm5.acl contained an insecure
    setting allowing all authenticated users in the network to change the
    credentials of everyone else, thus impersonating other users and gaining
    their privileges.

    If you never changed these ACLs, the package update fixes the issue
    automatically. If you did, please double-check that no unexpected
    principal has the c ACL (lower-case!) set.

 -- Dominik George <natureshadow@debian.org>  Mon, 16 Dec 2019 16:29:19 +0100