I find out that our version of heimdal is also affected by CVE-2017-6594. So I amend the previous patch to fix it as well. Changes to 'NEWS' and files in 'tests/' does not apply, so I remove them. Also, I change hunk#4 of 'kdc/krb5tgs.c' so that it applies. It used to be: foo foo* +bar +bar* baz baz* Now it is: foo foo* +bar +bar* Here is the updated patch: