-
Wed Sep 20 2023 Tripp Waldrop <trwaldro@redhat.com> - 1.8.0-4.el7_9.1
- fix use-of-uninitialized-value (CVE-2020-22218)
-
Wed Oct 30 2019 Kamil Dudka <kdudka@redhat.com> - 1.8.0-4
- fix integer overflow in SSH_MSG_DISCONNECT logic (CVE-2019-17498)
-
Wed Mar 20 2019 Kamil Dudka <kdudka@redhat.com> 1.8.0-3
- sanitize public header file (detected by rpmdiff)
-
Tue Mar 19 2019 Kamil Dudka <kdudka@redhat.com> 1.8.0-2
- fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863)
- fix out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862)
- fix out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)
- fix zero-byte allocation in SFTP packet processing resulting in out-of-bounds read (CVE-2019-3858)
- fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)
- fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)
- fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)
-
Wed Nov 21 2018 Kamil Dudka <kdudka@redhat.com> 1.8.0-1
- rebase to 1.8.0 (#1592784)
-
Tue Sep 26 2017 Kamil Dudka <kdudka@redhat.com> 1.4.3-12
- session: avoid printing misleading debug messages (#1503294)
- scp: send valid commands for remote execution (#1489733)
-
Fri Feb 19 2016 Kamil Dudka <kdudka@redhat.com> 1.4.3-11
- use secrects of the appropriate length in Diffie-Hellman (CVE-2016-0787)
-
Mon Jun 01 2015 Kamil Dudka <kdudka@redhat.com> 1.4.3-10
- check length of data extracted from the SSH_MSG_KEXINIT packet (CVE-2015-1782)
-
Tue May 05 2015 Kamil Dudka <kdudka@redhat.com> 1.4.3-9
- curl consumes too much memory during scp download (#1080459)
- prevent a not-connected agent from closing STDIN (#1147717)
-
Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.4.3-8
- Mass rebuild 2014-01-24