main/openssh: security fix for CVE-2016-0777 and CVE-2016-0778

CVE-2016-0777

    An information leak (memory disclosure) can be exploited by a rogue
    SSH server to trick a client into leaking sensitive data from the
    client memory, including for example private keys.

CVE-2016-0778

    A buffer overflow (leading to file descriptor leak), can also be
    exploited by a rogue SSH server, but due to another bug in the code
    is possibly not exploitable, and only under certain conditions (not
    the default configuration), when using ProxyCommand, ForwardAgent or
    ForwardX11.

fixes #5017

0 files changed, 0 insertions, 0 deletions