Reword "OpenSSH UseLogin yes" item, with cross-reference to

security advisory.

2 files changed, 10 insertions, 6 deletions

diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
index 6aeb2d5..ee0823a 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
@@ -1335,9 +1335,11 @@
     &man.semop.2; system call has been closed. &merged;</para>
 
     <para>A security hole in <application>OpenSSH</application>,
-    involving the <literal>UseLogin yes</literal> setting, has been
-    closed (note that the default for this setting is
-    <literal>UseLogin no</literal>). &merged;</para>
+    which could allow users to execute code with arbitrary privileges
+    if <literal>UseLogin yes</literal> was set, has been
+    closed.  Note that the default value of this setting is
+    <literal>UseLogin no</literal>.  (See security advisory
+    FreeBSD-SA-01:63.) &merged;</para>
   </sect2>
   <sect2 id="userland">
     <title>Userland Changes</title>
diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
index 6aeb2d5..ee0823a 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
@@ -1335,9 +1335,11 @@
     &man.semop.2; system call has been closed. &merged;</para>
 
     <para>A security hole in <application>OpenSSH</application>,
-    involving the <literal>UseLogin yes</literal> setting, has been
-    closed (note that the default for this setting is
-    <literal>UseLogin no</literal>). &merged;</para>
+    which could allow users to execute code with arbitrary privileges
+    if <literal>UseLogin yes</literal> was set, has been
+    closed.  Note that the default value of this setting is
+    <literal>UseLogin no</literal>.  (See security advisory
+    FreeBSD-SA-01:63.) &merged;</para>
   </sect2>
   <sect2 id="userland">
     <title>Userland Changes</title>