From 9ebd617cc085a14c1a197f140b037a3679ba3e2e Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 28 Nov 2004 12:31:03 +0000
Subject: Fix timing information leak allowing discovery of invalid usernames
 in PAM keyboard-interactive authentication (backported from a patch by Darren
 Tucker; closes: #281595).

---
 debian/changelog | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'debian')

diff --git a/debian/changelog b/debian/changelog
index 4a53bef7e..8693c48ef 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+openssh (1:3.8.1p1-8.sarge.4) UNRELEASED; urgency=high
+
+  * Fix timing information leak allowing discovery of invalid usernames in
+    PAM keyboard-interactive authentication (backported from a patch by
+    Darren Tucker; closes: #281595).
+
+ -- Colin Watson <cjwatson@debian.org>  Sun, 28 Nov 2004 12:12:55 +0000
+
 openssh (1:3.8.1p1-8.sarge.3) unstable; urgency=low
 
   * Enable threading for PAM, on Sam Hartman's advice (closes: #278394).
-- 
cgit v1.2.3