diff options
author | Colin Watson <cjwatson@debian.org> | 2015-08-19 18:46:53 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2015-08-19 18:46:53 +0100 |
commit | 56142d8274dde941e781cbe95cea01ee45972765 (patch) | |
tree | d2a74308cb74b37ef1e414b1e09f02e7c42562a6 /debian/changelog | |
parent | 6461fa1951314cf8c8ee9a7999f987b8003f4ff6 (diff) |
Add a couple of SECURITY: tags.
Diffstat (limited to 'debian/changelog')
-rw-r--r-- | debian/changelog | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/debian/changelog b/debian/changelog index 252bc394f..d8745c0e5 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -136,14 +136,15 @@ openssh (1:6.9p1-1) UNRELEASED; urgency=medium | |||
136 | world-writable. Local attackers may be able to write arbitrary | 136 | world-writable. Local attackers may be able to write arbitrary |
137 | messages to logged-in users, including terminal escape sequences. | 137 | messages to logged-in users, including terminal escape sequences. |
138 | Reported by Nikolay Edigaryev. | 138 | Reported by Nikolay Edigaryev. |
139 | - sshd(8): Fixed a privilege separation weakness related to PAM support. | 139 | - SECURITY: sshd(8): Fixed a privilege separation weakness related to |
140 | Attackers who could successfully compromise the pre-authentication | 140 | PAM support. Attackers who could successfully compromise the |
141 | process for remote code execution and who had valid credentials on the | 141 | pre-authentication process for remote code execution and who had valid |
142 | host could impersonate other users. Reported by Moritz Jodeit. | 142 | credentials on the host could impersonate other users. Reported by |
143 | - sshd(8): Fixed a use-after-free bug related to PAM support that was | ||
144 | reachable by attackers who could compromise the pre-authentication | ||
145 | process for remote code execution (closes: #795711). Also reported by | ||
146 | Moritz Jodeit. | 143 | Moritz Jodeit. |
144 | - SECURITY: sshd(8): Fixed a use-after-free bug related to PAM support | ||
145 | that was reachable by attackers who could compromise the | ||
146 | pre-authentication process for remote code execution (closes: | ||
147 | #795711). Also reported by Moritz Jodeit. | ||
147 | - CVE-2015-5600: sshd(8): Fix circumvention of MaxAuthTries using | 148 | - CVE-2015-5600: sshd(8): Fix circumvention of MaxAuthTries using |
148 | keyboard-interactive authentication (closes: #793616). By specifying | 149 | keyboard-interactive authentication (closes: #793616). By specifying |
149 | a long, repeating keyboard-interactive "devices" string, an attacker | 150 | a long, repeating keyboard-interactive "devices" string, an attacker |