An information leak flaw was found in the way the OpenSSH client roaming
feature was implemented. A malicious server could potentially use this
flaw to leak portions of memory (possibly including private SSH keys) of
a successfully authenticated OpenSSH client.
A buffer overflow flaw was found in the way the OpenSSH client roaming
feature was implemented that is leading to a file descriptor leak. A
malicious server could potentially use this flaw to execute arbitrary
code on a successfully authenticated OpenSSH client if that client used
certain non-default configuration options (ProxyCommand, ForwardAgent or
ForwardX11).