Merge branch '2.2' into 2.3

author: Jeff Forcier <jeff@bitprophet.org> 2018-03-12 17:31:21 -0700
committer: Jeff Forcier <jeff@bitprophet.org> 2018-03-12 17:31:21 -0700
commit: 841896cf4f6ca734ada0b5436109585f32335edd (patch)
tree: 45f2edb1c1ab9df40ded3927c2e05e5c70dd8946 /sites/www
parent: 4a981d9bad7dfdb3b4bdc62047ffa1db6925e515 (diff)
parent: f2f342b6f59e86e7005d03bc56eb2b03161f5f39 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 4690c0ed..7ae5e025 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,11 @@
 Changelog
 =========
 
+* :bug:`1175 (1.17+)` Fix a security flaw (CVE-2018-7750) in Paramiko's server
+  mode (emphasis on **server** mode; this does **not** impact *client* use!)
+  where authentication status was not checked before processing channel-open
+  and other requests typically only sent after authenticating. Big thanks to
+  Matthijs Kooijman for the report.
 * :bug:`1039` Ed25519 auth key decryption raised an unexpected exception when
   given a unicode password string (typical in python 3). Report by Theodor van
   Nahl and fix by Pierce Lopez.
author	Jeff Forcier <jeff@bitprophet.org>	2018-03-12 17:31:21 -0700
committer	Jeff Forcier <jeff@bitprophet.org>	2018-03-12 17:31:21 -0700
commit	841896cf4f6ca734ada0b5436109585f32335edd (patch)
tree	45f2edb1c1ab9df40ded3927c2e05e5c70dd8946 /sites/www
parent	4a981d9bad7dfdb3b4bdc62047ffa1db6925e515 (diff)
parent	f2f342b6f59e86e7005d03bc56eb2b03161f5f39 (diff)