Re: Regarding CVE-2006-4925

Colin Watson
Wed, 17 Mar 2010 16:53:44 -0700

On Wed, Mar 10, 2010 at 11:56:39AM -0600, Alicia Smith wrote:
> I would like to know if the latest Lenny package is vulnerable as
> indicated in CVE-2006-4925.
> 
> The security-tracker is showing conflicting information and I can't seem
> to find a bug-report on this.


This vulnerability was fixed upstream in OpenSSH 4.4p1.  Lenny has
OpenSSH 5.1p1, which includes this fix.

I'm not sure we ever issued a DSA for this, and I apparently didn't
record it in the package changelog, so CCing secur...@d.o in case some
bit of tracking metadata needs to be updated somewhere.

Thanks,

-- 
Colin Watson                                       [cjwat...@debian.org]


-- 
To UNSUBSCRIBE, email to debian-ssh-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100317235323.ga6...@master.debian.org

Reply via email to