Comment 3 for bug 356861

Anders Kaseorg (andersk) wrote:

Changelog from 1.4.8.dfsg1-3 to 1.4.9.dfsg1-0+ubuntu1:

 openafs (1.4.9.dfsg1-0+ubuntu1) jaunty; urgency=low
 .
   * New upstream release.
     - Fix OPENAFS-SA-2009-001 - Network based buffer overflow attack
       against Unix cache manager. (LP: #356861)
     - Fix OPENAFS-SA-2009-002 - Denial of service attack against Linux
       cache manager. (LP: #356861)

Changelog from 1.4.8.dfsg1-3 to 1.4.10+dfsg1-1:

 openafs (1.4.10+dfsg1-1) unstable; urgency=high
 .
   * New upstream release.
     - OPENAFS-SA-2009-001: Avoid a potential kernel memory overrun if more
       items than requested are returned from an InlineBulk or BulkStatus
       message. (CVE-2009-1251)
     - OPENAFS-SA-2009-002: Avoid converting negative errors into invalid
       kernel memory pointers. (CVE-2009-1250)
     - Preliminary support for 2.6.30 kernels.
     - Dynamic vcache allocation support to deal with inotify vcache
       pinning.
     - Do appropriate locking for CellServDB in /proc.
     - Use +dfsg instead of .dfsg for saner version sorting.
   * Debian's 2.6.29 packages no longer include symlinks from the
     architecture-specific header tree to the common header tree and
     instead overlay both header trees using kbuild. Change the Autoconf
     probes to always use kbuild and generate stub headers in the paths
     that OpenAFS expects that include the linux headers. Patch from Aaron
     M. Ucko. (Closes: #521745)
   * Build PIC versions of libafsauthent and libafsrpc and install them in
     libopenafs-dev for use when AFS code should be embedded into shared
     libraries. Patch from Garrett Wollman.
   * Update CellServDB to 2008-11-07 version. (Closes: #522451)
   * Update debian/watch for +dfsg naming instead of .dfsg.
   * Update standards version to 3.8.1 (no changes required).
   * Translation updates:
     - Japanese, thanks Hideki Yamane. (Closes: #521518)