Reword "OpenSSH UseLogin yes" item, with cross-reference to

security advisory.
2001-12-04 17:27:32 +00:00 · 2001-12-04 17:27:32 +00:00 · 33aa47d827
commit 33aa47d827
parent 4ad5ac9832
2 changed files with 10 additions and 6 deletions
--- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
@ -1335,9 +1335,11 @@
    &man.semop.2; system call has been closed. &merged;</para>

    <para>A security hole in <application>OpenSSH</application>,
-    involving the <literal>UseLogin yes</literal> setting, has been
-    closed (note that the default for this setting is
-    <literal>UseLogin no</literal>). &merged;</para>
+    which could allow users to execute code with arbitrary privileges
+    if <literal>UseLogin yes</literal> was set, has been
+    closed.  Note that the default value of this setting is
+    <literal>UseLogin no</literal>.  (See security advisory
+    FreeBSD-SA-01:63.) &merged;</para>
  </sect2>
  <sect2 id="userland">
    <title>Userland Changes</title>
--- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
@ -1335,9 +1335,11 @@
    &man.semop.2; system call has been closed. &merged;</para>

    <para>A security hole in <application>OpenSSH</application>,
-    involving the <literal>UseLogin yes</literal> setting, has been
-    closed (note that the default for this setting is
-    <literal>UseLogin no</literal>). &merged;</para>
+    which could allow users to execute code with arbitrary privileges
+    if <literal>UseLogin yes</literal> was set, has been
+    closed.  Note that the default value of this setting is
+    <literal>UseLogin no</literal>.  (See security advisory
+    FreeBSD-SA-01:63.) &merged;</para>
  </sect2>
  <sect2 id="userland">
    <title>Userland Changes</title>