Module Name: src
Committed By: snj
Date: Tue May 17 18:49:33 UTC 2016
Modified Files:
src/doc [netbsd-7-0]: CHANGES-7.0.1
Log Message:
1168
To generate a diff of this commit:
cvs rdiff -u -r1.1.2.54 -r1.1.2.55 src/doc/CHANGES-7.0.1
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/doc/CHANGES-7.0.1
diff -u src/doc/CHANGES-7.0.1:1.1.2.54 src/doc/CHANGES-7.0.1:1.1.2.55
--- src/doc/CHANGES-7.0.1:1.1.2.54 Wed May 11 10:10:09 2016
+++ src/doc/CHANGES-7.0.1 Tue May 17 18:49:33 2016
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.0.1,v 1.1.2.54 2016/05/11 10:10:09 martin Exp $
+# $NetBSD: CHANGES-7.0.1,v 1.1.2.55 2016/05/17 18:49:33 snj Exp $
A complete list of changes from the NetBSD 7.0 release to the NetBSD 7.0.1
release:
@@ -3057,4 +3057,11 @@ external/bsd/ntp/scripts/mkver
Update ntp to 4.2.8p7.
[snj, ticket #1166]
+crypto/external/bsd/openssh/dist/session.c 1.19
+
+ If PAM is configured to read user-specified environment variables
+ and UseLogin=yes in sshd_config, then a hostile local user may
+ attack /bin/login via LD_PRELOAD or similar environment variables
+ set via PAM. CVE-2015-8325.
+ [christos, ticket #1168]
