From 2e68d3e551ec72b662c23f954f14836978a88c8b Mon Sep 17 00:00:00 2001 From: "Ryan T. Hosford" Date: Fri, 11 Mar 2016 13:54:00 -0600 Subject: Help players protect themselves from maliciousness - Since connecting to an unknown server represents some risk, tell players about the known risks and show them how they can eliminate some of that risk by patching their ssh clients. - Closes #13 --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/README.md b/README.md index cdb9908..fea08d9 100644 --- a/README.md +++ b/README.md @@ -44,6 +44,17 @@ $ go get && go build $ ./sshtron ``` +## CVE-2016-0777 + +[CVE-2016-0777](https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt) +revealed two SSH client vulnerabilities that can be exploited by a malicious SSH server. While SSHTron does not exploit +these vulnerabilities, you should still patch your client before you play. SSHTron is open source, but the server +could always be running a modified version of SSHTron that does exploit the vulnerabilities described +in [CVE-2016-0777](https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt). + +If you haven't yet patched your SSH client, you can follow +[these instructions](https://www.jacobtomlinson.co.uk/quick%20tip/2016/01/15/fixing-ssh-vulnerability-CVE-2016-0777/) to do so now. + ## License SSHTron is licensed under the MIT License. See the full license text in -- cgit v1.2.3
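Review bot: The new "## CVE-2016-0777" section says a single CVE "revealed two SSH client vulnerabilities", but the linked advisory's own URL names two identifiers (cve-2016-0777-cve-2016-0778). Name both in the heading and the first sentence, for example "CVE-2016-0777 and CVE-2016-0778 are two SSH client vulnerabilities that can be exploited by a malicious SSH server", so readers can check their client against each one. The last added paragraph also gives the remediation only as a link to a third-party blog post. Consider stating the actual fix (the client version or configuration change) in the README itself, so the advice survives if that link goes away and players can see what they are being asked to change before they connect. Minor: the same long advisory URL appears twice in one paragraph, and a reference-style link would keep the lines readable.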