author Jeff Forcier <jeff@bitprophet.org> 2018-03-12 17:31:21 -0700
committer Jeff Forcier <jeff@bitprophet.org> 2018-03-12 17:31:21 -0700
commit fe7e3036def7df35b3e1207fceb19ce742354eb3 (patch)
tree d72a8a93218a14a189a29d9670ad22bb54a09b0e
parent c9e28eb9ac659f88d800a5a27db1253f4ee2b4fa (diff)
parent 841896cf4f6ca734ada0b5436109585f32335edd (diff)
Merge branch '2.3' into 2.4
-rw-r--r-- sites/www/changelog.rst 5
1 files changed, 5 insertions, 0 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index d415aa92..dcffb015 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,11 @@
Changelog
=========
+* :bug:`1175 (1.17+)` Fix a security flaw (CVE-2018-7750) in Paramiko's server
+ mode (emphasis on **server** mode; this does **not** impact *client* use!)
+ where authentication status was not checked before processing channel-open
+ and other requests typically only sent after authenticating. Big thanks to
+ Matthijs Kooijman for the report.
* :bug:`1039` Ed25519 auth key decryption raised an unexpected exception when
given a unicode password string (typical in python 3). Report by Theodor van
Nahl and fix by Pierce Lopez.
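Review bot: The new :bug:`1175 (1.17+)` entry describes the affected traffic only as "channel-open and other requests", which leaves someone running Paramiko in server mode unable to tell from the changelog which message types were handled before authentication. Consider naming the request types or pointing readers to the issue for the full list. The entry also states the flaw without stating the action; a closing sentence telling server-mode users to upgrade would make that explicit. As a style point, the long parenthetical about server versus client use would read more cleanly as its own short sentence after the description.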