===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/59.html,v
retrieving revision 1.15
retrieving revision 1.16
diff -c -r1.15 -r1.16
*** www/59.html	2016/02/02 02:19:31	1.15
--- www/59.html	2016/02/03 14:58:49	1.16
***************
*** 128,146 ****
      <ul>
      <li>Security:
        <ul>
!       <li>...
        </ul>
-     <li>Potentially-incompatible changes:
-       <ul>
-       <li>...
-       </ul>
-     <li>New/changed features:
-       <ul>
-       <li>...
-       </ul>
      <li>The following significant bugs have been fixed in this release:
        <ul>
!       <li>...
        </ul>
      </ul>
  <p>
--- 128,173 ----
      <ul>
      <li>Security:
        <ul>
!       <li>Qualys Security identified vulnerabilities in the
!         <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh(1)</a>
!         client experimential support for resuming SSH-connections (roaming).
!         In the default configuration, this could potentially leak client keys
!         to a hostile server.  The authentication of the server host key
!         prevents exploitation by a man-in-the-middle, so this information leak
!         is restricted to connections to malicious or compromised servers.
!         This feature has been disabled in the
!         <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh(1)</a>
!         client, and it has been removed from the source tree.  The matching
!         server code has never been shipped.
!       <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&amp;sektion=8">sshd(8)</a>:
!         OpenSSH 7.0 contained a logic error in
!         <tt>PermitRootLogin=prohibit-password/without-password</tt> that could,
!         depending on compile-time configuration, permit password authentication
!         to root while preventing other forms of authentication.
!       <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh(1)</a>:
!       <li>Eliminate the fallback from untrusted X11-forwarding to trusted
!         forwarding for cases when the X server disables the <tt>SECURITY</tt>
!         extension.
!       <li>Fix an out of-bound read access in the packet handling code.
!       <li>Further use of explicit_bzero has been added in various buffer
!         handling code paths to guard against compilers aggressively doing
!         dead-store removal.
        </ul>
      <li>The following significant bugs have been fixed in this release:
        <ul>
!       <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh(1)</a>,
!         <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&amp;sektion=8">sshd(8)</a>:
!         add compatability workarounds for FuTTY.
!       <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh(1)</a>,
!         <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&amp;sektion=8">sshd(8)</a>:
!         refine compatability workarounds for WinSCP.
!       <li>Fix a number of memory faults (double-free, free of uninitialised
!         memory, etc) in
!         <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh(1)</a>
!         and
!         <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&amp;sektion=1">ssh-keygen(1)</a>.
!       <li>Correctly interpret the 'first_kex_follows' option during the intial
!         key exchange.
        </ul>
      </ul>
  <p>