* A covert timing channel flaw was found in the way OpenSSH handled
authentication of non-existent users. A remote unauthenticated attacker
could possibly use this flaw to determine valid user names by measuring
the timing of server responses. (CVE-2016-6210)
--