author Jeff Forcier <jeff@bitprophet.org> 2023-12-16 13:02:05 -0500
committer Jeff Forcier <jeff@bitprophet.org> 2023-12-16 16:16:32 -0500
commit f4dedacb9040d27d9844f51c81c28e0247d3e4a3
tree 223c58a7b9921917ca34113e8d252f899eed78e8 /sites/www
parent c32be441a5ff0dc4914b22d6d1efa392aebe862f
Raise new exception type when unexpected messages appear
Diffstat (limited to 'sites/www')
-rw-r--r-- sites/www/changelog.rst 8
1 files changed, 5 insertions, 3 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 33f4ae1b..a709152e 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -18,12 +18,14 @@ Changelog
OpenSSH >= TK (or equivalent, such as Paramiko in server mode, as of this
patch version) and configured to use the new "strict kex" mode. Paramiko
will always attempt to use "strict kex" mode if offered.
- - Paramiko will raise TK if any protocol messages are received
- out-of-order during key exchange. Previously, TK.
+ - Paramiko will now raise an `SSHException` subclass (`MessageOrderError`)
+ when protocol messages are received in unexpected order. (This is not
+ *really* a change in behavior, as most such cases already raised vanilla
+ `SSHException` anyways.)
- Key (re)negotiation -- i.e. ``MSG_NEWKEYS``, whenever it is encountered
-- now resets packet sequence numbers. (This should be invisible to users
during normal operation, only causing exceptions if the exploit is
- encountered.)
+ encountered, which will usually result in, again, `MessageOrderError`.)
Thanks to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk for submitting
details on the CVE prior to release.
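Review bot: the added lines mark up `SSHException` and `MessageOrderError` with single backticks, while the neighbouring context line uses double backticks for ``MSG_NEWKEYS``. In reStructuredText single backticks are interpreted text under the default role, not an inline literal, so either confirm that both names resolve as cross-references in the built docs or switch them to double backticks for consistency. Two smaller points on the same hunk: the unchanged context line "OpenSSH >= TK (or equivalent, ..." still carries a "TK" placeholder even though this change resolves the other two, so the entry should not ship until that version is filled in; and the parenthetical "not *really* a change in behavior, as most such cases already raised vanilla `SSHException`" would help callers more if it said outright that existing `except SSHException` handlers continue to catch the new subclass.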