+secnet (0.3.4) unstable; urgency=low
+
+ SECURITY FIX:
+ * The previous security fix to buffer handling was entirely wrong. This
+ one is better. Thanks to Simon Tatham for the report and the patch.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Mon, 22 Sep 2014 16:16:11 +0100
+
+secnet (0.3.3) unstable; urgency=high
+
+ SECURITY FIXES:
+ * Pass correct size argument to recvfrom. This is a serious security
+ problem which may be exploitable from outside the VPN.
+ * Fix a memory leak in some error logging.
+
+ Other related fixes:
+ * Two other latent bugs in buffer length handling found and fixed.
+ * Non-critical stylistic improvements to buffer length handling, to make
+ the code clearer and to assist audit.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 19 Sep 2014 23:50:45 +0100
+