summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2014-03-21 14:54:31 +0000
committerColin Watson <cjwatson@debian.org>2014-03-21 14:54:31 +0000
commit5c4cc02836ec0e74636a69c2ba85e7b37e97bd6d (patch)
tree32e2b1e7f30fecbd7d1cbbefe2b16e4a97b067bf
parent2ee2de47fd0f684f54218d31b4ec83930e69c18e (diff)
Mention CVE-2014-2532 in changelog.
-rw-r--r--debian/changelog6
1 files changed, 5 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index eccc51410..9c3b531e5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,7 +2,11 @@ openssh (1:6.6p1-1) UNRELEASED; urgency=medium
2 2
3 * Apply various warning-suppression and regression-test fixes to 3 * Apply various warning-suppression and regression-test fixes to
4 gssapi.patch from Damien Miller. 4 gssapi.patch from Damien Miller.
5 * New upstream release (http://www.openssh.com/txt/release-6.6). 5 * New upstream release (http://www.openssh.com/txt/release-6.6):
6 - CVE-2014-2532: sshd(8): when using environment passing with an
7 sshd_config(5) AcceptEnv pattern with a wildcard, OpenSSH prior to 6.6
8 could be tricked into accepting any environment variable that contains
9 the characters before the wildcard character.
6 10
7 -- Colin Watson <cjwatson@debian.org> Thu, 20 Mar 2014 00:32:46 +0000 11 -- Colin Watson <cjwatson@debian.org> Thu, 20 Mar 2014 00:32:46 +0000
8 12