-
Committer:
Package Import Robot
-
Author(s):
Gerrit Pape
-
Date:
2012-02-27 14:18:53 UTC
-
mfrom:
(1.3.8)
(14.1.3 sid)
-
Revision ID:
package-import@ubuntu.com-20120227141853-qid825t7wamjk5fc
* New upstream release.
* Fix use-after-free bug that could be triggered if command="..."
authorized_keys restrictions are used. Could allow arbitrary
code execution or bypass of the command="..." restriction to an
authenticated user. This bug affects releases 0.52 onwards.
Ref CVE-2012-0920 (closes: #661150). Thanks to Danny Fullerton
of Mantor Organization for reporting the bug.