From 43980e7e4f700f78100e80c45a59b7d383af0b7b Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 18 Dec 2023 14:43:49 -0500 Subject: Mark recent bugs as major --- sites/www/changelog.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 7ff8cf4c..00f42a70 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -6,9 +6,9 @@ Changelog - :feature:`-` `Transport` grew a new ``packetizer_class`` kwarg for overriding the packet-handler class used internally. Mostly for testing, but advanced users may find this useful when doing deep hacks. -- :bug:`-` Address `CVE 2023-48795 `_ (aka the - "Terrapin Attack", a vulnerability found in the SSH protocol re: treatment of - packet sequence numbers) as follows: +- :bug:`- major` Address `CVE 2023-48795 `_ (aka + the "Terrapin Attack", a vulnerability found in the SSH protocol re: + treatment of packet sequence numbers) as follows: - The vulnerability only impacts encrypt-then-MAC digest algorithms in tandem with CBC ciphers, and ChaCha20-poly1305; of these, Paramiko @@ -38,8 +38,8 @@ Changelog Thanks to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk for submitting details on the CVE prior to release. -- :bug:`-` Tweak ``ext-info-(c|s)`` detection during KEXINIT protocol phase; - the original implementation made assumptions based on an OpenSSH +- :bug:`- major` Tweak ``ext-info-(c|s)`` detection during KEXINIT protocol + phase; the original implementation made assumptions based on an OpenSSH implementation detail. - :release:`3.3.1 <2023-07-28>` - :bug:`-` Cleaned up some very old root level files, mostly just to exercise -- cgit v1.2.3