- dtucker@cvs.openbsd.org 2012/01/18 21:46:43
     [clientloop.c]
     Ensure that $DISPLAY contains only valid characters before using it to
     extract xauth data so that it can't be used to play local shell
     metacharacter games.  Report from r00t_ati at ihteam.net, ok markus.
diff --git a/ChangeLog b/ChangeLog
index 3ebe0df..8eebcaf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,11 @@
      Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow.
      While there, be sure to buffer_clear() between send_msg() and recv_msg().
      ok markus@
+   - dtucker@cvs.openbsd.org 2012/01/18 21:46:43
+     [clientloop.c]
+     Ensure that $DISPLAY contains only valid characters before using it to
+     extract xauth data so that it can't be used to play local shell
+     metacharacter games.  Report from r00t_ati at ihteam.net, ok markus.
 
 20120206
  - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms
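Review bot: The added entry says $DISPLAY is checked for "only valid characters" but does not record which characters are accepted or what the client does when the check fails, so a reader auditing X11 forwarding from the ChangeLog alone cannot tell how strict the filter is. Consider naming the accepted set, or the function in clientloop.c that enforces it, together with the failure behaviour. Because the stated goal is to stop shell metacharacters reaching the xauth extraction, it is also worth confirming in the clientloop.c change that the check is an allowlist of permitted characters rather than a list of rejected ones.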