untrusted comment: signature from openbsd 5.7 base secret key
RWSvUZXnw9gUbxEaE6oNKs6un2a9hNnXElN+EO1qiqjnAga2v8AbXZzlOmLfpuI13qnyVe+hlQq2my+ZCh+LfLigqGqIMVUSpgQ=

OpenBSD 5.7 errata 14, Aug 16, 2015:

Fix permissions to disallow other users writing to pseudo terminals.

Apply by doing:
    signify -Vep /etc/signify/openbsd-57-base.pub -x 014_sshd.patch.sig \
        -m - | (cd /usr/src && patch -p0)

And then rebuild and install sshd:
    cd /usr/src/usr.bin/ssh
    make obj
    make depend
    make
    make install

Index: usr.bin/ssh/sshpty.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshpty.c,v
retrieving revision 1.29
retrieving revision 1.29.2.1
diff -u -p -r1.29 -r1.29.2.1
--- usr.bin/ssh/sshpty.c	3 Sep 2014 18:55:07 -0000	1.29
+++ usr.bin/ssh/sshpty.c	12 Aug 2015 20:22:42 -0000	1.29.2.1
@@ -142,7 +142,7 @@ pty_setowner(struct passwd *pw, const ch
 	/* Determine the group to make the owner of the tty. */
 	grp = getgrnam("tty");
 	gid = (grp != NULL) ? grp->gr_gid : pw->pw_gid;
-	mode = (grp != NULL) ? 0622 : 0600;
+	mode = (grp != NULL) ? 0620 : 0600;
 
 	/*
 	 * Change owner and mode of the tty as required.