From 2a6f54a2f2f0efe713ee5f6eb9e2099aef0ed516 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Wed, 14 Sep 2005 14:51:01 +0000 Subject: * Annotate 1:4.1p1-1 changelog with CVE references. - SECURITY (CAN-2005-2797): Fix a bug introduced in OpenSSH 4.0 that caused GatewayPorts to be incorrectly activated for dynamic ("-D") port forwardings when no listen address was explicitly specified (closes: #326065). - SECURITY (CAN-2005-2798): Fix improper delegation of GSSAPI credentials. This code is only built in openssh-krb5, not openssh, but I mention the CVE reference here anyway for completeness. --- debian/changelog | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index c6cfaae62..5859fd3de 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,19 @@ +openssh (1:4.2p1-2) UNRELEASED; urgency=low + + * Annotate 1:4.1p1-1 changelog with CVE references. + + -- Colin Watson Wed, 14 Sep 2005 15:48:57 +0100 + openssh (1:4.2p1-1) unstable; urgency=low * New upstream release. - - SECURITY: Fix a bug introduced in OpenSSH 4.0 that caused GatewayPorts - to be incorrectly activated for dynamic ("-D") port forwardings when - no listen address was explicitly specified (closes: #326065). + - SECURITY (CAN-2005-2797): Fix a bug introduced in OpenSSH 4.0 that + caused GatewayPorts to be incorrectly activated for dynamic ("-D") + port forwardings when no listen address was explicitly specified + (closes: #326065). + - SECURITY (CAN-2005-2798): Fix improper delegation of GSSAPI + credentials. This code is only built in openssh-krb5, not openssh, but + I mention the CVE reference here anyway for completeness. - Add a new compression method ("Compression delayed") that delays zlib compression until after authentication, eliminating the risk of zlib vulnerabilities being exploited by unauthenticated users. Note that -- cgit v1.2.3
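Review bot: The new 1:4.2p1-2 entry (and the commit subject) says "Annotate 1:4.1p1-1 changelog with CVE references", but the bullets edited in this hunk sit under the `openssh (1:4.2p1-1) unstable` stanza, so the version named does not match the entry that actually gains the CAN-2005-2797 and CAN-2005-2798 tags. Suggest changing the line to "Annotate 1:4.2p1-1 changelog with CVE references." so that anyone tracing the CVE references from the changelog lands on the right upload. On the CAN-2005-2798 bullet, the note that the affected code is only built in openssh-krb5 is useful; consider wording it so it is unambiguous that this package's binaries were not affected, since tools that scan changelogs for CVE ids will otherwise record the id against openssh itself.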