Module Name: src Committed By: snj Date: Tue May 17 18:49:33 UTC 2016
Modified Files: src/doc [netbsd-7-0]: CHANGES-7.0.1 Log Message: 1168 To generate a diff of this commit: cvs rdiff -u -r1.1.2.54 -r1.1.2.55 src/doc/CHANGES-7.0.1 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/doc/CHANGES-7.0.1 diff -u src/doc/CHANGES-7.0.1:1.1.2.54 src/doc/CHANGES-7.0.1:1.1.2.55 --- src/doc/CHANGES-7.0.1:1.1.2.54 Wed May 11 10:10:09 2016 +++ src/doc/CHANGES-7.0.1 Tue May 17 18:49:33 2016 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.0.1,v 1.1.2.54 2016/05/11 10:10:09 martin Exp $ +# $NetBSD: CHANGES-7.0.1,v 1.1.2.55 2016/05/17 18:49:33 snj Exp $ A complete list of changes from the NetBSD 7.0 release to the NetBSD 7.0.1 release: @@ -3057,4 +3057,11 @@ external/bsd/ntp/scripts/mkver Update ntp to 4.2.8p7. [snj, ticket #1166] +crypto/external/bsd/openssh/dist/session.c 1.19 + + If PAM is configured to read user-specified environment variables + and UseLogin=yes in sshd_config, then a hostile local user may + attack /bin/login via LD_PRELOAD or similar environment variables + set via PAM. CVE-2015-8325. + [christos, ticket #1168]