summaryrefslogtreecommitdiffhomepage
path: root/sites
diff options
context:
space:
mode:
authorJeff Forcier <jeff@bitprophet.org>2018-03-12 17:31:21 -0700
committerJeff Forcier <jeff@bitprophet.org>2018-03-12 17:31:21 -0700
commit841896cf4f6ca734ada0b5436109585f32335edd (patch)
tree45f2edb1c1ab9df40ded3927c2e05e5c70dd8946 /sites
parent4a981d9bad7dfdb3b4bdc62047ffa1db6925e515 (diff)
parentf2f342b6f59e86e7005d03bc56eb2b03161f5f39 (diff)
Merge branch '2.2' into 2.3
Diffstat (limited to 'sites')
-rw-r--r--sites/www/changelog.rst5
1 files changed, 5 insertions, 0 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 4690c0ed..7ae5e025 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,11 @@
Changelog
=========
+* :bug:`1175 (1.17+)` Fix a security flaw (CVE-2018-7750) in Paramiko's server
+ mode (emphasis on **server** mode; this does **not** impact *client* use!)
+ where authentication status was not checked before processing channel-open
+ and other requests typically only sent after authenticating. Big thanks to
+ Matthijs Kooijman for the report.
* :bug:`1039` Ed25519 auth key decryption raised an unexpected exception when
given a unicode password string (typical in python 3). Report by Theodor van
Nahl and fix by Pierce Lopez.