Accepted openssh 1:4.3p2-4ubuntu1 (source)

Colin Watson cjwatson at ubuntu.com
Fri Sep 29 17:46:14 BST 2006


Accepted:
openssh 1:4.3p2-4ubuntu1 was ACCEPTED.
	Component: main Section: net

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 29 Sep 2006 17:10:22 +0100
Source: openssh
Binary: ssh-askpass-gnome openssh-client-udeb ssh openssh-server openssh-client openssh-server-udeb
Architecture: source
Version: 1:4.3p2-4ubuntu1
Distribution: edgy
Urgency: high
Maintainer: Matthew Vernon <matthew at debian.org>
Changed-By: Colin Watson <cjwatson at ubuntu.com>
Description: 
 openssh-client - Secure shell client, an rlogin/rsh/rcp replacement
 openssh-client-udeb - Secure shell client for the Debian installer
 openssh-server - Secure shell server, an rshd replacement
 openssh-server-udeb - Secure shell server for the Debian installer
 ssh        - Secure shell client and server (transitional package)
 ssh-askpass-gnome - under X, asks user for a passphrase for ssh-add
Closes: 366541 368503 369395 375100 379950 381942 382966 388946 389995
Changes: 
 openssh (1:4.3p2-4ubuntu1) edgy; urgency=low
 .
   * Resynchronise with Debian.
 .
 openssh (1:4.3p2-4) unstable; urgency=high
 .
   * Backport from 4.4p1 (since I don't have an updated version of the GSSAPI
     patch yet):
     - CVE-2006-4924: Fix a pre-authentication denial of service found by
       Tavis Ormandy, that would cause sshd(8) to spin until the login grace
       time expired (closes: #389995).
     - CVE-2006-5051: Fix an unsafe signal hander reported by Mark Dowd. The
       signal handler was vulnerable to a race condition that could be
       exploited to perform a pre-authentication denial of service. On
       portable OpenSSH, this vulnerability could theoretically lead to
       pre-authentication remote code execution if GSSAPI authentication is
       enabled, but the likelihood of successful exploitation appears remote.
 .
   * Read /etc/default/locale as well as /etc/environment (thanks, Raphael
     Hertzog; closes: #369395).
   * Remove no-longer-used ssh/insecure_rshd debconf template.
   * Make ssh/insecure_telnetd Type: error (closes: #388946).
 .
   * debconf template translations:
     - Update Portuguese (thanks, Rui Branco; closes: #381942).
     - Update Spanish (thanks, Javier Fernandez-Sanguino Pena;
       closes: #382966).
 .
 openssh (1:4.3p2-3) unstable; urgency=low
 .
   * Document KeepAlive->TCPKeepAlive renaming in sshd_config(5) (closes:
     https://launchpad.net/bugs/50702).
   * Change sshd user's shell to /usr/sbin/nologin (closes: #366541).
     Introduces dependency on passwd for usermod.
   * debconf template translations:
     - Update French (thanks, Denis Barbier; closes: #368503).
     - Update Dutch (thanks, Bart Cornelis; closes: #375100).
     - Update Japanese (thanks, Kenshi Muto; closes: #379950).
Files: 
 3b6ead6e422d50593fc433c0c28befe5 1004 net standard openssh_4.3p2-4ubuntu1.dsc
 f409b35cb6fbe14c2b30555f2988af3a 165890 net standard openssh_4.3p2-4ubuntu1.diff.gz
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFFHUYR9t0zAhD6TNERAtxIAJ9HrFRfqdBxYYCLEH75vm7MHfESfQCfWVIc
u+0w1SS1ej/2n19w+jo72Bk=
=hPYa
-----END PGP SIGNATURE-----





More information about the edgy-changes mailing list