CVE-2014-2532
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
Date published : 2014-03-17
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html