CVS commit: [netbsd-7] src/crypto/external/bsd/openssh/dist

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: [netbsd-7] src/crypto/external/bsd/openssh/dist
From: "Soren Jacobsen" <snj%netbsd.org@localhost>
Date: Tue, 17 May 2016 18:50:35 +0000

Module Name:    src
Committed By:   snj
Date:           Tue May 17 18:50:35 UTC 2016

Modified Files:
        src/crypto/external/bsd/openssh/dist [netbsd-7]: session.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #1168):
        crypto/external/bsd/openssh/dist/session.c: revision 1.19
If PAM is configured to read user-specified environment variables
and UseLogin=yes in sshd_config, then a hostile local user may
attack /bin/login via LD_PRELOAD or similar environment variables
set via PAM.
CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
XXX: pullup-7


To generate a diff of this commit:
cvs rdiff -u -r1.12.4.1 -r1.12.4.2 \
    src/crypto/external/bsd/openssh/dist/session.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: [netbsd-7-0] src/doc
Next by Date: CVS commit: [netbsd-7] src/doc
Previous by Thread: CVS commit: [netbsd-7-0] src/doc
Next by Thread: CVS commit: [netbsd-7] src/doc
Indexes:

Home | Main Index | Thread Index | Old Index