On Wed, Apr 09, 2008 at 02:41:48PM +0200, Nico Golde wrote: > the following CVE (Common Vulnerabilities & Exposures) id was > published for openssh. > > > CVE-2008-1657[0]: > | OpenSSH before 4.9 allows remote authenticated users to bypass the > | sshd_config ForceCommand directive by modifying the .ssh/rc session > | file. > > If you fix the vulnerability please also make sure to include the > CVE id in your changelog entry.
At the time I fixed this, it didn't have a public CVE identifier. I've retroactively filled it in (in CVS) now. Cheers, -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
