diff options
author | Damien Miller <djm@mindrot.org> | 2012-02-11 08:18:17 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2012-02-11 08:18:17 +1100 |
commit | 8d60be548778c025db8daa0345f8d77331086fc6 (patch) | |
tree | cdcf6eaa96eabfb9007bcc9d34194b82a6d286a2 /ChangeLog | |
parent | fb12c6d8bb6515512c3cd00dfcb2670a6c54ba49 (diff) |
- dtucker@cvs.openbsd.org 2012/01/18 21:46:43
[clientloop.c]
Ensure that $DISPLAY contains only valid characters before using it to
extract xauth data so that it can't be used to play local shell
metacharacter games. Report from r00t_ati at ihteam.net, ok markus.
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -15,6 +15,11 @@ | |||
15 | Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow. | 15 | Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow. |
16 | While there, be sure to buffer_clear() between send_msg() and recv_msg(). | 16 | While there, be sure to buffer_clear() between send_msg() and recv_msg(). |
17 | ok markus@ | 17 | ok markus@ |
18 | - dtucker@cvs.openbsd.org 2012/01/18 21:46:43 | ||
19 | [clientloop.c] | ||
20 | Ensure that $DISPLAY contains only valid characters before using it to | ||
21 | extract xauth data so that it can't be used to play local shell | ||
22 | metacharacter games. Report from r00t_ati at ihteam.net, ok markus. | ||
18 | 23 | ||
19 | 20120206 | 24 | 20120206 |
20 | - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms | 25 | - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms |