author | Colin Watson <cjwatson@debian.org> | 2005-09-14 14:51:01 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2005-09-14 14:51:01 +0000 |
commit | 2a6f54a2f2f0efe713ee5f6eb9e2099aef0ed516 (patch) | |
tree | d9f508e4ca2d3b236b92f3e88cad00d1ae3be54e /debian | |
parent | 2c5707a233d2219f0e86913de1a741184362657c (diff) |
* Annotate 1:4.1p1-1 changelog with CVE references.
- SECURITY (CAN-2005-2797): Fix a bug introduced in OpenSSH 4.0 that
caused GatewayPorts to be incorrectly activated for dynamic ("-D")
port forwardings when no listen address was explicitly specified
(closes: #326065).
- SECURITY (CAN-2005-2798): Fix improper delegation of GSSAPI
credentials. This code is only built in openssh-krb5, not openssh, but
I mention the CVE reference here anyway for completeness.
Diffstat (limited to 'debian')
-rw-r--r-- | debian/changelog | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/debian/changelog b/debian/changelog index c6cfaae62..5859fd3de 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -1,9 +1,19 @@ | |||
1 | openssh (1:4.2p1-2) UNRELEASED; urgency=low | ||
2 | |||
3 | * Annotate 1:4.1p1-1 changelog with CVE references. | ||
4 | |||
5 | -- Colin Watson <cjwatson@debian.org> Wed, 14 Sep 2005 15:48:57 +0100 | ||
6 | |||
1 | openssh (1:4.2p1-1) unstable; urgency=low | 7 | openssh (1:4.2p1-1) unstable; urgency=low |
2 | 8 | ||
3 | * New upstream release. | 9 | * New upstream release. |
4 | - SECURITY: Fix a bug introduced in OpenSSH 4.0 that caused GatewayPorts | 10 | - SECURITY (CAN-2005-2797): Fix a bug introduced in OpenSSH 4.0 that |
5 | to be incorrectly activated for dynamic ("-D") port forwardings when | 11 | caused GatewayPorts to be incorrectly activated for dynamic ("-D") |
6 | no listen address was explicitly specified (closes: #326065). | 12 | port forwardings when no listen address was explicitly specified |
13 | (closes: #326065). | ||
14 | - SECURITY (CAN-2005-2798): Fix improper delegation of GSSAPI | ||
15 | credentials. This code is only built in openssh-krb5, not openssh, but | ||
16 | I mention the CVE reference here anyway for completeness. | ||
7 | - Add a new compression method ("Compression delayed") that delays zlib | 17 | - Add a new compression method ("Compression delayed") that delays zlib |
8 | compression until after authentication, eliminating the risk of zlib | 18 | compression until after authentication, eliminating the risk of zlib |
9 | vulnerabilities being exploited by unauthenticated users. Note that | 19 | vulnerabilities being exploited by unauthenticated users. Note that |
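Review bot: the new 1:4.2p1-2 bullet says "Annotate 1:4.1p1-1 changelog with CVE references", but every line annotated in this hunk sits under the "openssh (1:4.2p1-1) unstable" stanza, so the version in that bullet looks like a typo for 1:4.2p1-1. Correcting it keeps the changelog accurate for anyone tracing which upload carried the fixes for CAN-2005-2797 and CAN-2005-2798. The rewrapped GatewayPorts item still carries "(closes: #326065)" on its own line, so the bug reference is preserved.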