1 files changed, 13 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 1ee13f203..1d527aa7c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,19 @@
 openssh (1:4.2p1-1) UNRELEASED; urgency=low
  * New upstream release.
+    - SECURITY: Fix a bug introduced in OpenSSH 4.0 that caused GatewayPorts
+      to be incorrectly activated for dynamic ("-D") port forwardings when
+      no listen address was explicitly specified (closes: #326065).
+    - Add a new compression method ("Compression delayed") that delays zlib
+      compression until after authentication, eliminating the risk of zlib
+      vulnerabilities being exploited by unauthenticated users. Note that
+      users of OpenSSH versions earlier than 3.5 will need to disable
+      compression on the client or set "Compression yes" (losing this
+      security benefit) on the server.
+    - Increase the default size of new RSA/DSA keys generated by ssh-keygen
+      from 1024 to 2048 bits (closes: #181162).
+    - Many bugfixes and improvements to connection multiplexing.
+    - Don't pretend to accept $HOME (closes: #208648).
  * debian/rules: Resynchronise CFLAGS with that generated by configure.
 -- Colin Watson <cjwatson@debian.org>  Wed, 14 Sep 2005 13:35:17 +0100

diff --git a/debian/changelog b/debian/changelog index 1ee13f203..1d527aa7c 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -1,6 +1,19 @@
1	openssh (1:4.2p1-1) UNRELEASED; urgency=low	1	openssh (1:4.2p1-1) UNRELEASED; urgency=low
2		2
3	* New upstream release.	3	* New upstream release.
		4	- SECURITY: Fix a bug introduced in OpenSSH 4.0 that caused GatewayPorts
		5	to be incorrectly activated for dynamic ("-D") port forwardings when
		6	no listen address was explicitly specified (closes: #326065).
		7	- Add a new compression method ("Compression delayed") that delays zlib
		8	compression until after authentication, eliminating the risk of zlib
		9	vulnerabilities being exploited by unauthenticated users. Note that
		10	users of OpenSSH versions earlier than 3.5 will need to disable
		11	compression on the client or set "Compression yes" (losing this
		12	security benefit) on the server.
		13	- Increase the default size of new RSA/DSA keys generated by ssh-keygen
		14	from 1024 to 2048 bits (closes: #181162).
		15	- Many bugfixes and improvements to connection multiplexing.
		16	- Don't pretend to accept $HOME (closes: #208648).
4	* debian/rules: Resynchronise CFLAGS with that generated by configure.	17	* debian/rules: Resynchronise CFLAGS with that generated by configure.
5		18
6	-- Colin Watson <cjwatson@debian.org> Wed, 14 Sep 2005 13:35:17 +0100	19	-- Colin Watson <cjwatson@debian.org> Wed, 14 Sep 2005 13:35:17 +0100