summaryrefslogtreecommitdiff
path: root/debian/changelog
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2015-08-19 18:46:53 +0100
committerColin Watson <cjwatson@debian.org>2015-08-19 18:46:53 +0100
commit56142d8274dde941e781cbe95cea01ee45972765 (patch)
treed2a74308cb74b37ef1e414b1e09f02e7c42562a6 /debian/changelog
parent6461fa1951314cf8c8ee9a7999f987b8003f4ff6 (diff)
Add a couple of SECURITY: tags.
Diffstat (limited to 'debian/changelog')
-rw-r--r--debian/changelog15
1 files changed, 8 insertions, 7 deletions
diff --git a/debian/changelog b/debian/changelog
index 252bc394f..d8745c0e5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -136,14 +136,15 @@ openssh (1:6.9p1-1) UNRELEASED; urgency=medium
136 world-writable. Local attackers may be able to write arbitrary 136 world-writable. Local attackers may be able to write arbitrary
137 messages to logged-in users, including terminal escape sequences. 137 messages to logged-in users, including terminal escape sequences.
138 Reported by Nikolay Edigaryev. 138 Reported by Nikolay Edigaryev.
139 - sshd(8): Fixed a privilege separation weakness related to PAM support. 139 - SECURITY: sshd(8): Fixed a privilege separation weakness related to
140 Attackers who could successfully compromise the pre-authentication 140 PAM support. Attackers who could successfully compromise the
141 process for remote code execution and who had valid credentials on the 141 pre-authentication process for remote code execution and who had valid
142 host could impersonate other users. Reported by Moritz Jodeit. 142 credentials on the host could impersonate other users. Reported by
143 - sshd(8): Fixed a use-after-free bug related to PAM support that was
144 reachable by attackers who could compromise the pre-authentication
145 process for remote code execution (closes: #795711). Also reported by
146 Moritz Jodeit. 143 Moritz Jodeit.
144 - SECURITY: sshd(8): Fixed a use-after-free bug related to PAM support
145 that was reachable by attackers who could compromise the
146 pre-authentication process for remote code execution (closes:
147 #795711). Also reported by Moritz Jodeit.
147 - CVE-2015-5600: sshd(8): Fix circumvention of MaxAuthTries using 148 - CVE-2015-5600: sshd(8): Fix circumvention of MaxAuthTries using
148 keyboard-interactive authentication (closes: #793616). By specifying 149 keyboard-interactive authentication (closes: #793616). By specifying
149 a long, repeating keyboard-interactive "devices" string, an attacker 150 a long, repeating keyboard-interactive "devices" string, an attacker