git: DragonFly_RELEASE_4_4 ssh - Remove undocumented roaming support CVE-2016-0777 CVE-2016-0778

Matthew Dillon dillon at crater.dragonflybsd.org
Thu Jan 14 09:09:11 PST 2016


commit 81559ed82cdd20bdacf2e66e6435f96eb0b7c7c0
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Thu Jan 14 09:06:23 2016 -0800

    ssh - Remove undocumented roaming support CVE-2016-0777 CVE-2016-0778
    
    * Remove client-side 'roaming' feature as per openbsd patch.
    
    * CVE-2016-0777 CVE-2016-0778.  A malicious server can trick the client
      into potentially leaking key material.

Summary of changes:
 crypto/openssh/readconf.c | 5 ++---
 crypto/openssh/ssh.c      | 3 ---
 2 files changed, 2 insertions(+), 6 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/81559ed82cdd20bdacf2e66e6435f96eb0b7c7c0


-- 
DragonFly BSD source repository


More information about the Commits mailing list