From 398339218e03661785c39ea0b0c74471b7704fe0 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Thu, 23 Feb 2012 21:45:36 +0800
Subject: [PATCH] - Improve CHANGES description

---
 CHANGES | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index 8df269a6..3e14bad5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,14 +1,16 @@
 2012.55 - Wednesday 22 February 2012
 
-- Security: Fix use-after-free bug that could be triggered when multiple command sessions were
-  made when a command="" authorized_keys restriction was in effect. Possible arbitrary
-  code execution to an authenticated user, and probable bypass of the command="" restriction.
-  CVE-2012-0920. Thanks to Danny Fullerton of Mantor Organization for reporting the bug
+- Security: Fix use-after-free bug that could be triggered if command="..."
+  authorized_keys restrictions are used.  Could allow arbitrary code execution
+  or bypass of the command="..." restriction to an authenticated user.
+  This bug affects releases 0.52 onwards. Ref CVE-2012-0920.
+  Thanks to Danny Fullerton of Mantor Organization for reporting
+  the bug.
 
 - Compile fix, only apply IPV6 socket options if they are available in headers
   Thanks to Gustavo Zacarias for the patch
 
-- Clear key memory on exit
+- Overwrite session key memory on exit
 
 - Fix minor memory leak in unusual PAM authentication configurations.
   Thanks to Stathis Voukelatos
-- 
GitLab