summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2015-08-19 18:09:02 +0100
committerColin Watson <cjwatson@debian.org>2015-08-19 18:09:02 +0100
commita608a63196dbda54e9bdd656baa253c56e76bace (patch)
tree1feaebcaaa3cb6adfcef60ea8978d2d77ccdaeb4
parent10da4133c011a9f07e108043046e73f981d87b65 (diff)
Fill in CVE-2015-5352 identifier and close #790798.
-rw-r--r--debian/changelog5
1 files changed, 3 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog
index e77d3462a..6c851b644 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -64,12 +64,13 @@ openssh (1:6.9p1-1) UNRELEASED; urgency=medium
64 formats. 64 formats.
65 - ssh-keygen(1): Fix KRL generation bug when multiple CAs are in use. 65 - ssh-keygen(1): Fix KRL generation bug when multiple CAs are in use.
66 * New upstream release (http://www.openssh.com/txt/release-6.9): 66 * New upstream release (http://www.openssh.com/txt/release-6.9):
67 - SECURITY: ssh(1): When forwarding X11 connections with 67 - CVE-2015-5352: ssh(1): When forwarding X11 connections with
68 ForwardX11Trusted=no, connections made after ForwardX11Timeout expired 68 ForwardX11Trusted=no, connections made after ForwardX11Timeout expired
69 could be permitted and no longer subject to XSECURITY restrictions 69 could be permitted and no longer subject to XSECURITY restrictions
70 because of an ineffective timeout check in ssh(1) coupled with "fail 70 because of an ineffective timeout check in ssh(1) coupled with "fail
71 open" behaviour in the X11 server when clients attempted connections 71 open" behaviour in the X11 server when clients attempted connections
72 with expired credentials. This problem was reported by Jann Horn. 72 with expired credentials (closes: #790798). This problem was reported
73 by Jann Horn.
73 - SECURITY: ssh-agent(1): Fix weakness of agent locking (ssh-add -x) to 74 - SECURITY: ssh-agent(1): Fix weakness of agent locking (ssh-add -x) to
74 password guessing by implementing an increasing failure delay, storing 75 password guessing by implementing an increasing failure delay, storing
75 a salted hash of the password rather than the password itself and 76 a salted hash of the password rather than the password itself and