[lug] SSH Hole (Debian)

Nate Duehr nate at natetech.com
Wed Sep 17 10:47:24 MDT 2003

Also, get a mailing list subscription to
debian-security-announce at lists.debian.org if you're running Debian boxes -- 
it's extremely low traffic (i.e. only announcements of new security
packages) and quite useful.

Nate Duehr, nate at natetech.com

----- Original Message ----- 
From: "Matt Clauson" <mec at dotorg.org>
To: <lug at lug.boulder.co.us>
Sent: Wednesday, September 17, 2003 9:56 AM
Subject: Re: [lug] SSH Hole (Debian)

Hash: SHA1

On Wednesday 17 September 2003 07:06, Dhruva B. Reddy wrote:
> Does anyone running Debian unstable know if the latest ssh package
> for that contains the patch for this latest hole?
> I noticed a release yesterday (3.6.1p2-7) which, as of this writing,
> is the latest version available, but there doesn't seem to be any
> information on whether or not the patch was backported to this.

I'd say yes.  Changelogs are one's friend.

mec at mandy:~$ zless /usr/share/doc/ssh/changelog.Debian.gz
openssh (1:3.6.1p2-7) unstable; urgency=high

  * Update debconf template translations:
    - French (thanks, Christian Perrier; closes: #208801).
    - Japanese (thanks, Kenshi Muto; closes: #210380).
  * Some small improvements to the English templates courtesy of
    Perrier. I've manually unfuzzied a few translations where it was
    obvious, on Christian's advice, but the others will have to be
  * Document how to generate an RSA1 host key (closes: #141703).
  * Incorporate NMU fix for early buffer expansion vulnerability,
    CAN-2003-0693 (closes: #211205). Thanks to Michael Stone.

 -- Colin Watson <cjwatson at debian.org>  Tue, 16 Sep 2003 14:32:28 +0100

openssh (1:3.6.1p2-6.0) unstable; urgency=high

  * SECURITY: fix for CAN-2003-0693, buffer allocation error

 -- Michael Stone <mstone at debian.org>  Tue, 16 Sep 2003 08:27:07 -0400

- --mec
Version: GnuPG v1.2.3 (GNU/Linux)


Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
Join us on IRC: lug.boulder.co.us portf67 channel=olug

More information about the LUG mailing list