-
Wed Mar 16 2016 Jakub Jelen <jjelen@redhat.com> 6.6.1p1-25 + 0.9.3-9
- CVE-2016-1908: possible fallback from untrusted to trusted X11 forwarding (#1298741)
-
Tue Mar 15 2016 Jakub Jelen <jjelen@redhat.com> 6.6.1p1-24 + 0.9.3-9
- CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317818)
-
Wed Jan 13 2016 Jakub Jelen <jjelen@redhat.com> 6.6.1p1-23 + 0.9.3-9
- Disable undocumented feauture Roaming for good (#1298218)
- prevents CVE-2016-0777 and CVE-2016-0778
-
Fri Sep 25 2015 Jakub Jelen <jjelen@redhat.com> 6.6.1p1-22 + 0.9.3-9
- Use the correct constant for glob limits (#1160377)
-
Thu Sep 24 2015 Jakub Jelen <jjelen@redhat.com> 6.6.1p1-21 + 0.9.3-9
- Extend memory limit for remote glob in sftp acc. to stat limit (#1160377)
-
Thu Sep 24 2015 Jakub Jelen <jjelen@redhat.com> 6.6.1p1-20 + 0.9.3-9
- Fix vulnerabilities published with openssh-7.0 (#1265807)
- Privilege separation weakness related to PAM support
- Use-after-free bug related to PAM support
-
Thu Sep 24 2015 Jakub Jelen <jjelen@redhat.com> 6.6.1p1-19 + 0.9.3-9
- Increase limit of files for glob match in sftp to 8192 (#1160377)
-
Tue Aug 18 2015 Jakub Jelen <jjelen@redhat.com> 6.6.1p1-18 + 0.9.3-9
- Add GSSAPIKexAlgorithms option for server and client application (#1253062)
-
Wed Jul 29 2015 Jakub Jelen <jjelen@redhat.com> 6.6.1p1-17 + 0.9.3-9
- Security fixes released with openssh-6.9 (CVE-2015-5352) (#1247864)
- XSECURITY restrictions bypass under certain conditions in ssh(1) (#1238231)
- weakness of agent locking (ssh-add -x) to password guessing (#1238238)
-
Mon Jul 27 2015 Jakub Jelen <jjelen@redhat.com> 6.6.1p1-16 + 0.9.3-9
- only query each keyboard-interactive device once (CVE-2015-5600) (#1245971)