This update for krb5-appl fixes the following issues:
- CVE-2019-25017: Check the filenames sent by the server match those requested by the client (bsc#1131109).
- CVE-2019-25018: Disallow empty incoming filename or ones that refer to the current directory (bsc#1131109).