I'm having some trouble identifying the format string vulnerability mentioned in SA-2003-001 and CAN-2003-0060. It doesn't mention which krb5 version fixed it. Anybody know which versions had this problem and which one fixed it?