author Jeff Forcier <jeff@bitprophet.org> 2023-12-17 17:13:53 -0500
committer Jeff Forcier <jeff@bitprophet.org> 2023-12-17 17:42:11 -0500
commit 96db1e2be856eac66631761bae41167a1ebd2b4e (patch)
tree 50013470bd5a207af717bd901e63e15277a813ad /sites/www
parent 58785d29c47570fa700e096d16b9a0d3a6069048 (diff)
Raise exception when sequence numbers rollover during initial kex
Diffstat (limited to 'sites/www')
-rw-r--r-- sites/www/changelog.rst | 2
1 files changed, 2 insertions, 0 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 87feaa77..8f745b42 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -31,6 +31,8 @@ Changelog
-- now resets packet sequence numbers. (This should be invisible to users
during normal operation, only causing exceptions if the exploit is
encountered, which will usually result in, again, `MessageOrderError`.)
+ - Sequence number rollover will now raise `SSHException` if it occurs
+ during initial key exchange (regardless of strict mode status).
Thanks to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk for submitting
details on the CVE prior to release.
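Review bot: The added bullet ("Sequence number rollover will now raise `SSHException` ...") does not say whether an ordinary session can ever reach this path, while the bullet directly above it states that its change "should be invisible to users during normal operation". A short parenthetical in the same style, saying when rollover during initial key exchange can be expected and whether callers need to handle the new exception, would make the entry actionable. It would also help to say in a few words why this check applies "regardless of strict mode status", since the neighbouring entry ties its behaviour to the exploit and readers may otherwise assume the new check is opt-in as well.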