summaryrefslogtreecommitdiff
path: root/debian/patches/backport-do-not-resend-username-to-pam.patch
AgeCommit message (Collapse)Author
2015-09-17ssh_config(5): Fix markup errors in description of GSSAPITrustDns (closes: ↵Colin Watson
#799271).
2015-09-08mention-ssh-keygen-on-keychange.patch: Move example ssh-keygen invocation ↵Colin Watson
onto a separate line to make it easier to copy and paste (LP: #1491532).
2015-08-19Document the Debian-specific change to the default value of ↵Colin Watson
ForwardX11Trusted in ssh(1) (closes: #781469).
2015-08-19Backport PAM security fixes.Colin Watson
- sshd(8): Fixed a privilege separation weakness related to PAM support. Attackers who could successfully compromise the pre-authentication process for remote code execution and who had valid credentials on the host could impersonate other users. Reported by Moritz Jodeit. - sshd(8): Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the pre-authentication process for remote code execution (closes: #795711). Also reported by Moritz Jodeit.