git: ssh - Remove undocumented roaming support CVE-2016-0777 CVE-2016-0778

Matthew Dillon dillon at crater.dragonflybsd.org
Thu Jan 14 09:08:19 PST 2016


commit ea24d4f2298bf4838ac6437d7cc653a60fa97d91
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Thu Jan 14 09:06:23 2016 -0800

    ssh - Remove undocumented roaming support CVE-2016-0777 CVE-2016-0778
    
    * Remove client-side 'roaming' feature as per openbsd patch.
    
    * CVE-2016-0777 CVE-2016-0778.  A malicious server can trick the client
      into potentially leaking key material.

Summary of changes:
 crypto/openssh/readconf.c | 5 ++---
 crypto/openssh/ssh.c      | 3 ---
 2 files changed, 2 insertions(+), 6 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/ea24d4f2298bf4838ac6437d7cc653a60fa97d91


-- 
DragonFly BSD source repository



More information about the Commits mailing list