Merge branch '2.1' into 2.2

author: Jeff Forcier <jeff@bitprophet.org> 2018-03-12 17:31:18 -0700
committer: Jeff Forcier <jeff@bitprophet.org> 2018-03-12 17:31:18 -0700
commit: f2f342b6f59e86e7005d03bc56eb2b03161f5f39 (patch)
tree: dc0dc193c2f53c1be64b25b4ffac71598168b346 /sites/www
parent: a293bbaf11ca0c19d240503c6c1bfbb5e46931b8 (diff)
parent: 493a60d54b40f51e165fe75ab8b6935f15e98f1a (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index be13bfeb..67f7d157 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,11 @@
 Changelog
 =========
 
+* :bug:`1175 (1.17+)` Fix a security flaw (CVE-2018-7750) in Paramiko's server
+  mode (emphasis on **server** mode; this does **not** impact *client* use!)
+  where authentication status was not checked before processing channel-open
+  and other requests typically only sent after authenticating. Big thanks to
+  Matthijs Kooijman for the report.
 * :bug:`1039` Ed25519 auth key decryption raised an unexpected exception when
   given a unicode password string (typical in python 3). Report by Theodor van
   Nahl and fix by Pierce Lopez.
author	Jeff Forcier <jeff@bitprophet.org>	2018-03-12 17:31:18 -0700
committer	Jeff Forcier <jeff@bitprophet.org>	2018-03-12 17:31:18 -0700
commit	f2f342b6f59e86e7005d03bc56eb2b03161f5f39 (patch)
tree	dc0dc193c2f53c1be64b25b4ffac71598168b346 /sites/www
parent	a293bbaf11ca0c19d240503c6c1bfbb5e46931b8 (diff)
parent	493a60d54b40f51e165fe75ab8b6935f15e98f1a (diff)