From e25076d79c81c71084589a12a70d348da669e62f Mon Sep 17 00:00:00 2001
From: "Bruce A. Mah" <bmah@FreeBSD.org>
Date: Tue, 4 Dec 2001 17:27:32 +0000
Subject: [PATCH] Reword "OpenSSH UseLogin yes" item, with cross-reference to
 security advisory.

---
 release/doc/en_US.ISO8859-1/relnotes/article.sgml    | 8 +++++---
 release/doc/en_US.ISO8859-1/relnotes/common/new.sgml | 8 +++++---
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
index 6aeb2d534a3..ee0823a5827 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
@@ -1335,9 +1335,11 @@
     &man.semop.2; system call has been closed. &merged;</para>
 
     <para>A security hole in <application>OpenSSH</application>,
-    involving the <literal>UseLogin yes</literal> setting, has been
-    closed (note that the default for this setting is
-    <literal>UseLogin no</literal>). &merged;</para>
+    which could allow users to execute code with arbitrary privileges
+    if <literal>UseLogin yes</literal> was set, has been
+    closed.  Note that the default value of this setting is
+    <literal>UseLogin no</literal>.  (See security advisory
+    FreeBSD-SA-01:63.) &merged;</para>
   </sect2>
   <sect2 id="userland">
     <title>Userland Changes</title>
diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
index 6aeb2d534a3..ee0823a5827 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
@@ -1335,9 +1335,11 @@
     &man.semop.2; system call has been closed. &merged;</para>
 
     <para>A security hole in <application>OpenSSH</application>,
-    involving the <literal>UseLogin yes</literal> setting, has been
-    closed (note that the default for this setting is
-    <literal>UseLogin no</literal>). &merged;</para>
+    which could allow users to execute code with arbitrary privileges
+    if <literal>UseLogin yes</literal> was set, has been
+    closed.  Note that the default value of this setting is
+    <literal>UseLogin no</literal>.  (See security advisory
+    FreeBSD-SA-01:63.) &merged;</para>
   </sect2>
   <sect2 id="userland">
     <title>Userland Changes</title>