diff options
Diffstat (limited to 'debian/changelog')
-rw-r--r-- | debian/changelog | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 705a61580..6007a9d7b 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -5,6 +5,12 @@ openssh (1:4.3p2-4) UNRELEASED; urgency=high | |||
5 | - CVE-2006-4924: Fix a pre-authentication denial of service found by | 5 | - CVE-2006-4924: Fix a pre-authentication denial of service found by |
6 | Tavis Ormandy, that would cause sshd(8) to spin until the login grace | 6 | Tavis Ormandy, that would cause sshd(8) to spin until the login grace |
7 | time expired (closes: #389995). | 7 | time expired (closes: #389995). |
8 | - CVE-2006-5051: Fix an unsafe signal hander reported by Mark Dowd. The | ||
9 | signal handler was vulnerable to a race condition that could be | ||
10 | exploited to perform a pre-authentication denial of service. On | ||
11 | portable OpenSSH, this vulnerability could theoretically lead to | ||
12 | pre-authentication remote code execution if GSSAPI authentication is | ||
13 | enabled, but the likelihood of successful exploitation appears remote. | ||
8 | 14 | ||
9 | * Read /etc/default/locale as well as /etc/environment (thanks, Raphaël | 15 | * Read /etc/default/locale as well as /etc/environment (thanks, Raphaël |
10 | Hertzog; closes: #369395). | 16 | Hertzog; closes: #369395). |