diff -Nru krb5-1.17/debian/changelog krb5-1.17/debian/changelog
--- krb5-1.17/debian/changelog 2023-10-24 18:53:43.000000000 +0200
+++ krb5-1.17/debian/changelog 2024-04-10 10:33:17.000000000 +0200
@@ -1,3 +1,9 @@
+krb5 (1.17-6ubuntu4.5) focal; urgency=medium
+
+ * Fix a memory leak in krb5_gss_inquire_cred (LP: #2060666)
+
+ -- Ponnuvel Palaniyappan Wed, 10 Apr 2024 09:33:17 +0100
+
 krb5 (1.17-6ubuntu4.4) focal-security; urgency=medium
 
 * SECURITY UPDATE: freeing of uninitialized memory
diff -Nru krb5-1.17/debian/patches/bug2060666.patch krb5-1.17/debian/patches/bug2060666.patch
--- krb5-1.17/debian/patches/bug2060666.patch 1970-01-01 01:00:00.000000000 +0100
+++ krb5-1.17/debian/patches/bug2060666.patch 2024-04-10 10:32:56.000000000 +0200
@@ -0,0 +1,27 @@
+Description: Fix a memory leak in krb5_gss_inquire_cred
+Commit 1cd2821 altered the memory
+management of krb5_gss_inquire_cred(), introducing defcred to act as
+an owner pointer when the function must acquire a default credential.
+The commit neglected to update the code to release the default cred
+along the successful path. The old code does not trigger because
+cred_handle is now reassigned, so the default credential is leaked.
+Author: Ponnuvel Palaniyappan, pponnuvel@gmail.com
+Origin: upstream, https://github.com/krb5/krb5/commit/098f874f3b50dd2c46c0a574677324b5f6f3a1a8
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/2060666
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: krb5-1.17/src/lib/gssapi/krb5/inq_cred.c
+===================================================================
+--- krb5-1.17.orig/src/lib/gssapi/krb5/inq_cred.c
++++ krb5-1.17/src/lib/gssapi/krb5/inq_cred.c
+@@ -197,9 +197,7 @@ krb5_gss_inquire_cred(minor_status, cred
+ mechs = GSS_C_NO_OID_SET;
+ }
+
+- if (cred_handle == GSS_C_NO_CREDENTIAL)
+- krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred);
+-
++ krb5_gss_release_cred(minor_status, &defcred);
+ krb5_free_context(context);
+ *minor_status = 0;
+ return((lifetime == 0)?GSS_S_CREDENTIALS_EXPIRED:GSS_S_COMPLETE);
diff -Nru krb5-1.17/debian/patches/series krb5-1.17/debian/patches/series
--- krb5-1.17/debian/patches/series 2023-10-24 18:13:06.000000000 +0200
+++ krb5-1.17/debian/patches/series 2024-04-10 10:28:29.000000000 +0200
@@ -21,3 +21,4 @@
 CVE-2021-37750.patch
 CVE-2021-36222.patch
 CVE-2023-36054.patch
+bug2060666.patch
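Review bot: In the inq_cred.c hunk carried by debian/patches/bug2060666.patch, the new `krb5_gss_release_cred(minor_status, &defcred);` runs unconditionally on the success path, so it is only safe if `defcred` still holds `GSS_C_NO_CREDENTIAL` whenever the caller supplied its own credential and the release routine treats that value as a no-op. Neither the declaration of `defcred` nor the release routine is visible here, and the body of krb5_gss_inquire_cred starts and ends outside the hunk, so both should be confirmed against the 1.17 tree this is applied to. I would add a comment above the call to record that invariant, for example `/* defcred is set only if we acquired the default cred above; otherwise this is a no-op */`. The error path is also outside the hunk, so it is worth checking that it releases `defcred` as well; otherwise a failure after the default credential is acquired would presumably still leak it.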