changelog: Mention netlink short packet discard.

[secnet.git] / debian / changelog

diff --git a/debian/changelog b/debian/changelog
index 3bceeb80a6888a98247937a2b0b8079f760d5880..ea1d421c00d2b8c6a4441c5a6339a10d27c674f5 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+secnet (0.3.0~beta2) unstable; urgency=low
+
+  * New upstream version.
+   - SECURITY FIX: RSA public modulus and exponent buffer overflow.
+   - SECURITY FIX: Use constant-time memcmp for message authentication.
+   - SECURITY FIX: Provide a new transform, eax-serpent, to replace cbcmac.
+   - SECURITY FIX: No longer send NAKs for NAKs, avoiding NAK storm.
+   - SECURITY FIX: Fix site name checking when site name A is prefix of B.
+   - SECURITY FIX: Safely reject too-short IP packets.
+   - Better robustness for mobile sites (proper user of NAKs, new PROD msg).
+   - Better robustness against SLIP decoding errors.
+   - Fix bugs which caused routes to sometimes not be advertised.
+   - Protocol capability negotiation mechanism.
+   - Improvements and fixes to protocol and usage documentation.
+   - Other bugfixes and code tidying up.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Thu, 25 Jul 2013 18:26:01 +0100
+
 secnet (0.3.0~beta1) unstable; urgency=low
 
   * New upstream version.
@@ -8,6 +26,10 @@ secnet (0.3.0~beta1) unstable; urgency=low
    - make-secnet-sites made more sophisticated to support two vpns on chiark.
    - Documentation improvements.
    - Build system improvements.
+  * Debian packaging improvements:
+   - Native package.
+   - Maintainer / uploaders.
+   - init script requires $remove_fs since we're in /usr.
 
  -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Thu, 12 Jul 2012 20:18:16 +0100