diff options
Diffstat (limited to 'debian/changelog')
| -rw-r--r-- | debian/changelog | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 705a61580..6007a9d7b 100644 --- a/debian/changelog +++ b/debian/changelog | |||
| @@ -5,6 +5,12 @@ openssh (1:4.3p2-4) UNRELEASED; urgency=high | |||
| 5 | - CVE-2006-4924: Fix a pre-authentication denial of service found by | 5 | - CVE-2006-4924: Fix a pre-authentication denial of service found by |
| 6 | Tavis Ormandy, that would cause sshd(8) to spin until the login grace | 6 | Tavis Ormandy, that would cause sshd(8) to spin until the login grace |
| 7 | time expired (closes: #389995). | 7 | time expired (closes: #389995). |
| 8 | - CVE-2006-5051: Fix an unsafe signal hander reported by Mark Dowd. The | ||
| 9 | signal handler was vulnerable to a race condition that could be | ||
| 10 | exploited to perform a pre-authentication denial of service. On | ||
| 11 | portable OpenSSH, this vulnerability could theoretically lead to | ||
| 12 | pre-authentication remote code execution if GSSAPI authentication is | ||
| 13 | enabled, but the likelihood of successful exploitation appears remote. | ||
| 8 | 14 | ||
| 9 | * Read /etc/default/locale as well as /etc/environment (thanks, Raphaël | 15 | * Read /etc/default/locale as well as /etc/environment (thanks, Raphaël |
| 10 | Hertzog; closes: #369395). | 16 | Hertzog; closes: #369395). |