[lug] SSH Hole (Debian)
Matt Clauson
mec at dotorg.org
Wed Sep 17 09:56:10 MDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wednesday 17 September 2003 07:06, Dhruva B. Reddy wrote:
> Does anyone running Debian unstable know if the latest ssh package
> for that contains the patch for this latest hole?
>
> I noticed a release yesterday (3.6.1p2-7) which, as of this writing,
> is the latest version available, but there doesn't seem to be any
> information on whether or not the patch was backported to this.
I'd say yes. Changelogs are one's friend.
mec at mandy:~$ zless /usr/share/doc/ssh/changelog.Debian.gz
openssh (1:3.6.1p2-7) unstable; urgency=high
* Update debconf template translations:
- French (thanks, Christian Perrier; closes: #208801).
- Japanese (thanks, Kenshi Muto; closes: #210380).
* Some small improvements to the English templates courtesy of
Christian
Perrier. I've manually unfuzzied a few translations where it was
obvious, on Christian's advice, but the others will have to be
updated.
* Document how to generate an RSA1 host key (closes: #141703).
* Incorporate NMU fix for early buffer expansion vulnerability,
CAN-2003-0693 (closes: #211205). Thanks to Michael Stone.
-- Colin Watson <cjwatson at debian.org> Tue, 16 Sep 2003 14:32:28 +0100
openssh (1:3.6.1p2-6.0) unstable; urgency=high
* SECURITY: fix for CAN-2003-0693, buffer allocation error
-- Michael Stone <mstone at debian.org> Tue, 16 Sep 2003 08:27:07 -0400
- --mec
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/aIQavDNtj3aXDYkRApzZAJ4vc/pmP3TYoxxEWwm8gP2t4bhjoACcCbos
c/a1Jik6jCA8RjIOXLvpHlE=
=/jkv
-----END PGP SIGNATURE-----
More information about the LUG
mailing list