diff options
Diffstat (limited to 'debian/changelog')
| -rw-r--r-- | debian/changelog | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 51d296c5e..86ea183ef 100644 --- a/debian/changelog +++ b/debian/changelog | |||
| @@ -1,3 +1,19 @@ | |||
| 1 | openssh (1:7.1p2-1) UNRELEASED; urgency=high | ||
| 2 | |||
| 3 | * New upstream release (http://www.openssh.com/txt/release-7.1p2): | ||
| 4 | - CVE-2016-0777, CVE-2016-0778: Disable experimental client-side support | ||
| 5 | for roaming, which could be tricked by a malicious server into leaking | ||
| 6 | client memory to the server, including private client user keys; this | ||
| 7 | information leak is restricted to connections to malicious or | ||
| 8 | compromised servers (closes: #810984). | ||
| 9 | - SECURITY: Fix an out of-bound read access in the packet handling code. | ||
| 10 | Reported by Ben Hawkes. | ||
| 11 | - Further use of explicit_bzero has been added in various buffer | ||
| 12 | handling code paths to guard against compilers aggressively doing | ||
| 13 | dead-store removal. | ||
| 14 | |||
| 15 | -- Colin Watson <cjwatson@debian.org> Thu, 14 Jan 2016 15:08:21 +0000 | ||
| 16 | |||
| 1 | openssh (1:7.1p1-6) unstable; urgency=medium | 17 | openssh (1:7.1p1-6) unstable; urgency=medium |
| 2 | 18 | ||
| 3 | [ Colin Watson ] | 19 | [ Colin Watson ] |