[src/netbsd-7-0]: src/doc 1168

[snj <snj%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/146420fda3b0
branches:  netbsd-7-0
changeset: 801184:146420fda3b0
user:      snj <snj%NetBSD.org@localhost>
date:      Tue May 17 18:49:33 2016 +0000

description:
1168

diffstat:

 doc/CHANGES-7.0.1 |  9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)

diffs (21 lines):

diff -r cf4c424acd16 -r 146420fda3b0 doc/CHANGES-7.0.1
--- a/doc/CHANGES-7.0.1 Tue May 17 18:48:29 2016 +0000
+++ b/doc/CHANGES-7.0.1 Tue May 17 18:49:33 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.0.1,v 1.1.2.54 2016/05/11 10:10:09 martin Exp $
+# $NetBSD: CHANGES-7.0.1,v 1.1.2.55 2016/05/17 18:49:33 snj Exp $
 
 A complete list of changes from the NetBSD 7.0 release to the NetBSD 7.0.1
 release:
@@ -3057,4 +3057,11 @@
        Update ntp to 4.2.8p7.
        [snj, ticket #1166]
 
+crypto/external/bsd/openssh/dist/session.c     1.19
 
+       If PAM is configured to read user-specified environment variables
+       and UseLogin=yes in sshd_config, then a hostile local user may
+       attack /bin/login via LD_PRELOAD or similar environment variables
+       set via PAM.  CVE-2015-8325.
+       [christos, ticket #1168]
+