diff options
| author | Jeff Forcier <jeff@bitprophet.org> | 2018-03-12 17:29:27 -0700 |
|---|---|---|
| committer | Jeff Forcier <jeff@bitprophet.org> | 2018-03-12 17:30:49 -0700 |
| commit | aefd28a7f00c4250d113d375e96abf5da3eb89f9 (patch) | |
| tree | 4e12ed5309ca57112438598b4c80780bf4cf8295 | |
| parent | 07dbaa585ab22c12658832f17529eef69223081e (diff) | |
Changelog closes #1175
| -rw-r--r-- | sites/www/changelog.rst | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index af1123c0..55493e68 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,11 @@ Changelog ========= +* :bug:`1175 (1.17+)` Fix a security flaw (CVE-2018-7750) in Paramiko's server + mode (emphasis on **server** mode; this does **not** impact *client* use!) + where authentication status was not checked before processing channel-open + and other requests typically only sent after authenticating. Big thanks to + Matthijs Kooijman for the report. * :bug:`1108 (1.17+)` Rename a private method keyword argument (which was named ``async``) so that we're compatible with the upcoming Python 3.7 release (where ``async`` is a new keyword.) Thanks to ``@vEpiphyte`` for the report. |