* Mon May 4 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-4
- fix for CVE-2015-2694 (#1216133) "requires_preauth bypass
in PKINIT-enabled KDC".
In MIT krb5 1.12 and later, when the KDC is configured with
PKINIT support, an unauthenticated remote attacker can
bypass the requires_preauth flag on a client principal and
obtain a ciphertext encrypted in the principal's long-term
key. This ciphertext could be used to conduct an off-line
dictionary attack against the user's password.
resolves: #1216134