krb5 (1.20.1-2+deb12u4) bookworm; urgency=medium

  In order to fix CVE-2025-3576, vulnerable cryptographic algorithms for
  tickets are disabled by default unless explicitly configured with the new
  allow_rc4 or allow_des3 variables respectively.

 -- Bastien Roucariès  Sun, 04 May 2025 22:44:14 +0200

krb5 (1.13.1+dfsg-1) experimental; urgency=low

  The KDC process now listens on TCP port 88 as well as UDP port 88 by
  default. To disable listening on TCP, set kdc_tcp_ports to the empty
  string in the [kdcdefaults] section of kdc.conf.

 -- Benjamin Kaduk  Fri, 13 Mar 2015 17:26:53 -0400
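
A configuration check for the settings named in the two entries above, as an added example that is not part of the Debian package or of krb5 itself. It assumes allow_rc4 and allow_des3 are read from [libdefaults] and that boolean spellings follow MIT krb5's profile parser; the function names and the sample configuration are constructed for illustration.

```python
import re

# Assumption: true spellings as accepted by MIT krb5's profile parser.
TRUE_WORDS = {"y", "yes", "true", "t", "1", "on"}

# Constructed sample: krb5.conf and kdc.conf content concatenated.
SAMPLE = """\
[libdefaults]
    allow_rc4 = yes
    # allow_des3 = true
[realms]
    EXAMPLE.ORG = {
        allow_rc4 = false
    }
[kdcdefaults]
    kdc_tcp_ports = ""
"""

def parse_profile(text):
    """Collect top-level `key = value` pairs per [section]; { } blocks are skipped."""
    sections, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if depth:  # inside a nested { ... } block
            depth += line.endswith("{") - (line == "}")
        elif m := re.fullmatch(r"\[(\w+)\]", line):
            current = sections.setdefault(m.group(1), {})
        elif line.endswith("{"):
            depth = 1
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value.strip('"')
    return sections

def audit(text):
    """Return findings for the settings named in the two NEWS entries."""
    conf, findings = parse_profile(text), []
    lib = conf.get("libdefaults", {})
    for key, enctype in (("allow_rc4", "RC4"), ("allow_des3", "DES3")):
        if lib.get(key, "false").lower() in TRUE_WORDS:
            findings.append(f"{key} enabled: {enctype} tickets are permitted again")
    if "kdcdefaults" in conf:  # only judge the listener when KDC config is present
        ports = conf["kdcdefaults"].get("kdc_tcp_ports")
        if ports is None:
            findings.append("kdc_tcp_ports unset: KDC listens on TCP port 88")
        elif ports == "":
            findings.append("kdc_tcp_ports empty: KDC TCP listener disabled")
    return findings
```

Calling audit(SAMPLE) reports the re-enabled RC4 setting and the disabled TCP listener; the commented-out allow_des3 line and the realm-level block are ignored.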