diff options
| author | Jeff Forcier <jeff@bitprophet.org> | 2018-03-12 17:29:27 -0700 |
|---|---|---|
| committer | Jeff Forcier <jeff@bitprophet.org> | 2018-03-12 17:29:27 -0700 |
| commit | 6002e0efdcaabe96baf1746b3abdd527f2789caf (patch) | |
| tree | e42a59a6faed8cdd866b8c82cb7105c55522afb9 | |
| parent | 3139cbd658b2f6ec6339cdcfadfded06e847b8d7 (diff) | |
| download | paramiko-6002e0efdcaabe96baf1746b3abdd527f2789caf.tar.gz | |
Changelog closes #1175
| -rw-r--r-- | sites/www/changelog.rst | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 0e31b522..9ade3fff 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,11 @@ Changelog ========= +* :bug:`1175 (1.17+)` Fix a security flaw (CVE-2018-7750) in Paramiko's server + mode (emphasis on **server** mode; this does **not** impact *client* use!) + where authentication status was not checked before processing channel-open + and other requests typically only sent after authenticating. Big thanks to + Matthijs Kooijman for the report. * :bug:`1108 (1.17+)` Rename a private method keyword argument (which was named ``async``) so that we're compatible with the upcoming Python 3.7 release (where ``async`` is a new keyword.) Thanks to ``@vEpiphyte`` for the report. |