SECURITY: sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-writable. Local attackers may be able to write arbitrary messages to logged-in users, including terminal escape sequences. Reported by Nikolay Edigaryev.

author: Colin Watson <cjwatson@debian.org> 2015-08-19 18:01:59 +0100
committer: Colin Watson <cjwatson@debian.org> 2015-08-19 18:06:11 +0100
commit: 10da4133c011a9f07e108043046e73f981d87b65 (patch)
tree: 2d826e16decba7a9b66616c590e0bebda750fcec /debian/changelog
parent: 927d0032b865f05679d3cc052bc13cb0e6490283 (diff)
parent: 12577aa167c76d517bfe78f603fe805f190d8d05 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 06ec4ab09..e77d3462a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -129,6 +129,12 @@ openssh (1:6.9p1-1) UNRELEASED; urgency=medium
      SendEnv and AcceptEnv; bz#2386
    - sshd(8): Format UsePAM setting when using sshd -T (closes: #767648).
    - moduli(5): Update DH-GEX moduli (closes: #787037).
+  * There are some things I want to fix before upgrading to 7.0p1, though I
+    intend to do that soon.  In the meantime, backport security patches:
+    - SECURITY: sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be
+      world-writable.  Local attackers may be able to write arbitrary
+      messages to logged-in users, including terminal escape sequences.
+      Reported by Nikolay Edigaryev.
  * Thanks to Jakub Jelen of Red Hat for Fedora's rebased version of the
    GSSAPI key exchange patch.
author	Colin Watson <cjwatson@debian.org>	2015-08-19 18:01:59 +0100
committer	Colin Watson <cjwatson@debian.org>	2015-08-19 18:06:11 +0100
commit	10da4133c011a9f07e108043046e73f981d87b65 (patch)
tree	2d826e16decba7a9b66616c590e0bebda750fcec /debian/changelog
parent	927d0032b865f05679d3cc052bc13cb0e6490283 (diff)
parent	12577aa167c76d517bfe78f603fe805f190d8d05 (diff)