openssh_6.7p1-5+deb8u3_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 21 Jul 2016 15:51:59 +
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 
ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source amd64 all
Version: 1:6.7p1-5+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Debian OpenSSH Maintainers 
Changed-By: Laszlo Boszormenyi (GCS) 
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote 
machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote 
machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access 
from remot
 ssh- secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for 
ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 831902
Changes:
 openssh (1:6.7p1-5+deb8u3) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2016-6210: User enumeration via covert timing channel
 (closes: #831902).
Checksums-Sha1:
 bff143012193cc818be87fb2cc85a701e4dd94fc 2709 openssh_6.7p1-5+deb8u3.dsc
 7c31b32b12a8b9aadc9b3e8fbee3b56dc8f0795f 150272 
openssh_6.7p1-5+deb8u3.debian.tar.xz
 868ac10a0246f4601fb91075e5999cca4b4e21ab 690360 
openssh-client_6.7p1-5+deb8u3_amd64.deb
 725cfad83f996522a8a83e7119d53a6da67398d0 331268 
openssh-server_6.7p1-5+deb8u3_amd64.deb
 2af338add69ac295737b61d718b92dca84d9ebba 37996 
openssh-sftp-server_6.7p1-5+deb8u3_amd64.deb
 7addc7869745a752f2af72d3499da3f37b435274 119790 ssh_6.7p1-5+deb8u3_all.deb
 f00b07ce403ec1cc2e6851a8f5d281d91748 119334 ssh-krb5_6.7p1-5+deb8u3_all.deb
 d50a45e202a6e66594ed050493b4135516c9a527 127466 
ssh-askpass-gnome_6.7p1-5+deb8u3_amd64.deb
 6b7b8b1d27ed4ca3581894dac5827cc895cfff88 259646 
openssh-client-udeb_6.7p1-5+deb8u3_amd64.udeb
 ebbe59699881d10e25233a3db9ea1f40f615d63d 286308 
openssh-server-udeb_6.7p1-5+deb8u3_amd64.udeb
Checksums-Sha256:
 3680d33c9638af9d0f249bee3444b490b0a1fa4ea11a04e1b97fe6e081ce8537 2709 
openssh_6.7p1-5+deb8u3.dsc
 a2f486b45310b86816fbd5b85ad61493d9b07ac3290a7b4f773747e7a47b6759 150272 
openssh_6.7p1-5+deb8u3.debian.tar.xz
 0cfb382650c3263349f4829f3423833c650cb0c665b731be66d5d72f9779099d 690360 
openssh-client_6.7p1-5+deb8u3_amd64.deb
 0376c483b3bfe1c12e87744b11391a47c8f40eecce629c00176535a716761a58 331268 
openssh-server_6.7p1-5+deb8u3_amd64.deb
 19d84f32345060bbc79522f8e9ed773d28a37edb5d9cd8cf83384f27f848a220 37996 
openssh-sftp-server_6.7p1-5+deb8u3_amd64.deb
 257a7a22101067758b9b95792d3f6f5705b8a5b00b14f0ef63553db28b4eb45e 119790 
ssh_6.7p1-5+deb8u3_all.deb
 78bfef7c0299c70fc35aa9af601d2512ffb63bffd32ee75dbd92fa4885528a8a 119334 
ssh-krb5_6.7p1-5+deb8u3_all.deb
 e56238724132239d530fd7cd92679b4e4f5b6bc4c4b9dec1c5f543b82c2dbd03 127466 
ssh-askpass-gnome_6.7p1-5+deb8u3_amd64.deb
 463a40912de0499820501026ee29284ab4429b97a24cac34c1b9ff6be410f243 259646 
openssh-client-udeb_6.7p1-5+deb8u3_amd64.udeb
 938912669db7b2bc924e3ac202c8142342334e12b018db2a8fb0bc3ec1dd61a9 286308 
openssh-server-udeb_6.7p1-5+deb8u3_amd64.udeb
Files:
 4a60c718008cad0c665a7e354a9d02da 2709 net standard openssh_6.7p1-5+deb8u3.dsc
 c95ae17d1c3cb77453453846f32e 150272 net standard 
openssh_6.7p1-5+deb8u3.debian.tar.xz
 1d6685072b0fbb99480eba30d2da0d46 690360 net standard 
openssh-client_6.7p1-5+deb8u3_amd64.deb
 7dce77acd12b801bb5d5d901f4380d3f 331268 net optional 
openssh-server_6.7p1-5+deb8u3_amd64.deb
 c29c13fd32670a16464b805a41790608 37996 net optional 
openssh-sftp-server_6.7p1-5+deb8u3_amd64.deb
 18ab5922af1b6841078eb9bab46cb2ef 119790 net extra ssh_6.7p1-5+deb8u3_all.deb
 1f779b09429f37d9d3a37c9b59370c45 119334 oldlibs extra 
ssh-krb5_6.7p1-5+deb8u3_all.deb
 995528c208b70003a697fbd9b52aa577 127466 gnome optional 
ssh-askpass-gnome_6.7p1-5+deb8u3_amd64.deb
 c657a8c5bfb1043a7e62bba3134e81ca 259646 debian-installer optional 
openssh-client-udeb_6.7p1-5+deb8u3_amd64.udeb
 fc39fa3123e64058e1bec2201a169e5c 286308 debian-installer optional 
openssh-server-udeb_6.7p1-5+deb8u3_amd64.udeb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCAAGBQJXklxPAAoJENzjEOeGTMi/xf8P/2yfRdRdVjyyJwwNS2LVfhjf
fODvgyZwOpP20WTl59hCYqKIOZDkU27/QuHZl1s9qTuroPD8jgApKTg0slNdaaxV
TKOjPnsR2SsgdPDQTR9Fuemg9dBtQkDNEC8jwbbSZtEugpf5pSaC7kx8O2K3jIaP
ar2w2ZLmCPIp2lI5QceauE51H1p/yrQjmTKQIXNhMaEK0di/JWS3xnNtr3ebcU6S
0bGCA+p7Xtz/1QyRp0DfEIvz4YWLY3BOu1fVIe/4klvRP61KYca+fmKM2xR6rHmD
+rm+m2Bkq5jKUeMWoZYvFJZrG4ZKLVunAiOjCKQarJo26jv8k3oTZeRiUxGq6bbe
U+OaGFPO8bLra0dMMVwoOmLtSnJh+Nsiid5gA614wFbgCByQfUSWuoUB1/LRb8uX
yqV/h7TT8FRn3UcmYINSHmElJd2sxqtKFNzyFj36hpqvNAR4YJS7+2TlKeFRWDfW
nqF5diL/t9HRyPrnp470+6hP6Yo+vsAHbVxjmzEHow/6owXNq9Hu3aObvd3/Nm2T

Accepted openssh 1:6.7p1-5+deb8u3 (source amd64 all) into proposed-updates->stable-new, proposed-updates

[GCS]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 21 Jul 2016 15:51:59 +
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 
ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source amd64 all
Version: 1:6.7p1-5+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Debian OpenSSH Maintainers 
Changed-By: Laszlo Boszormenyi (GCS) 
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote 
machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote 
machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access 
from remot
 ssh- secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for 
ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 831902
Changes:
 openssh (1:6.7p1-5+deb8u3) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2016-6210: User enumeration via covert timing channel
 (closes: #831902).
Checksums-Sha1:
 bff143012193cc818be87fb2cc85a701e4dd94fc 2709 openssh_6.7p1-5+deb8u3.dsc
 7c31b32b12a8b9aadc9b3e8fbee3b56dc8f0795f 150272 
openssh_6.7p1-5+deb8u3.debian.tar.xz
 868ac10a0246f4601fb91075e5999cca4b4e21ab 690360 
openssh-client_6.7p1-5+deb8u3_amd64.deb
 725cfad83f996522a8a83e7119d53a6da67398d0 331268 
openssh-server_6.7p1-5+deb8u3_amd64.deb
 2af338add69ac295737b61d718b92dca84d9ebba 37996 
openssh-sftp-server_6.7p1-5+deb8u3_amd64.deb
 7addc7869745a752f2af72d3499da3f37b435274 119790 ssh_6.7p1-5+deb8u3_all.deb
 f00b07ce403ec1cc2e6851a8f5d281d91748 119334 ssh-krb5_6.7p1-5+deb8u3_all.deb
 d50a45e202a6e66594ed050493b4135516c9a527 127466 
ssh-askpass-gnome_6.7p1-5+deb8u3_amd64.deb
 6b7b8b1d27ed4ca3581894dac5827cc895cfff88 259646 
openssh-client-udeb_6.7p1-5+deb8u3_amd64.udeb
 ebbe59699881d10e25233a3db9ea1f40f615d63d 286308 
openssh-server-udeb_6.7p1-5+deb8u3_amd64.udeb
Checksums-Sha256:
 3680d33c9638af9d0f249bee3444b490b0a1fa4ea11a04e1b97fe6e081ce8537 2709 
openssh_6.7p1-5+deb8u3.dsc
 a2f486b45310b86816fbd5b85ad61493d9b07ac3290a7b4f773747e7a47b6759 150272 
openssh_6.7p1-5+deb8u3.debian.tar.xz
 0cfb382650c3263349f4829f3423833c650cb0c665b731be66d5d72f9779099d 690360 
openssh-client_6.7p1-5+deb8u3_amd64.deb
 0376c483b3bfe1c12e87744b11391a47c8f40eecce629c00176535a716761a58 331268 
openssh-server_6.7p1-5+deb8u3_amd64.deb
 19d84f32345060bbc79522f8e9ed773d28a37edb5d9cd8cf83384f27f848a220 37996 
openssh-sftp-server_6.7p1-5+deb8u3_amd64.deb
 257a7a22101067758b9b95792d3f6f5705b8a5b00b14f0ef63553db28b4eb45e 119790 
ssh_6.7p1-5+deb8u3_all.deb
 78bfef7c0299c70fc35aa9af601d2512ffb63bffd32ee75dbd92fa4885528a8a 119334 
ssh-krb5_6.7p1-5+deb8u3_all.deb
 e56238724132239d530fd7cd92679b4e4f5b6bc4c4b9dec1c5f543b82c2dbd03 127466 
ssh-askpass-gnome_6.7p1-5+deb8u3_amd64.deb
 463a40912de0499820501026ee29284ab4429b97a24cac34c1b9ff6be410f243 259646 
openssh-client-udeb_6.7p1-5+deb8u3_amd64.udeb
 938912669db7b2bc924e3ac202c8142342334e12b018db2a8fb0bc3ec1dd61a9 286308 
openssh-server-udeb_6.7p1-5+deb8u3_amd64.udeb
Files:
 4a60c718008cad0c665a7e354a9d02da 2709 net standard openssh_6.7p1-5+deb8u3.dsc
 c95ae17d1c3cb77453453846f32e 150272 net standard 
openssh_6.7p1-5+deb8u3.debian.tar.xz
 1d6685072b0fbb99480eba30d2da0d46 690360 net standard 
openssh-client_6.7p1-5+deb8u3_amd64.deb
 7dce77acd12b801bb5d5d901f4380d3f 331268 net optional 
openssh-server_6.7p1-5+deb8u3_amd64.deb
 c29c13fd32670a16464b805a41790608 37996 net optional 
openssh-sftp-server_6.7p1-5+deb8u3_amd64.deb
 18ab5922af1b6841078eb9bab46cb2ef 119790 net extra ssh_6.7p1-5+deb8u3_all.deb
 1f779b09429f37d9d3a37c9b59370c45 119334 oldlibs extra 
ssh-krb5_6.7p1-5+deb8u3_all.deb
 995528c208b70003a697fbd9b52aa577 127466 gnome optional 
ssh-askpass-gnome_6.7p1-5+deb8u3_amd64.deb
 c657a8c5bfb1043a7e62bba3134e81ca 259646 debian-installer optional 
openssh-client-udeb_6.7p1-5+deb8u3_amd64.udeb
 fc39fa3123e64058e1bec2201a169e5c 286308 debian-installer optional 
openssh-server-udeb_6.7p1-5+deb8u3_amd64.udeb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCAAGBQJXklxPAAoJENzjEOeGTMi/xf8P/2yfRdRdVjyyJwwNS2LVfhjf
fODvgyZwOpP20WTl59hCYqKIOZDkU27/QuHZl1s9qTuroPD8jgApKTg0slNdaaxV
TKOjPnsR2SsgdPDQTR9Fuemg9dBtQkDNEC8jwbbSZtEugpf5pSaC7kx8O2K3jIaP
ar2w2ZLmCPIp2lI5QceauE51H1p/yrQjmTKQIXNhMaEK0di/JWS3xnNtr3ebcU6S
0bGCA+p7Xtz/1QyRp0DfEIvz4YWLY3BOu1fVIe/4klvRP61KYca+fmKM2xR6rHmD
+rm+m2Bkq5jKUeMWoZYvFJZrG4ZKLVunAiOjCKQarJo26jv8k3oTZeRiUxGq6bbe
U+OaGFPO8bLra0dMMVwoOmLtSnJh+Nsiid5gA614wFbgCByQfUSWuoUB1/LRb8uX
yqV/h7TT8FRn3UcmYINSHmElJd2sxqtKFNzyFj36hpqvNAR4YJS7+2TlKeFRWDfW
nqF5diL/t9HRyPrnp470+6hP6Yo+vsAHbVxjmzEHow/6owXNq9Hu3aObvd3/Nm2T

Bug#831902: marked as done (openssh: CVE-2016-6210: User enumeration via covert timing channel)

[Debian Bug Tracking System]

Your message dated Sun, 24 Jul 2016 19:02:57 +
with message-id 
and subject line Bug#831902: fixed in openssh 1:6.7p1-5+deb8u3
has caused the Debian Bug report #831902,
regarding openssh: CVE-2016-6210: User enumeration via covert timing channel
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
831902: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831902
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openssh
Version: 1:7.2p2-5
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for openssh.

CVE-2016-6210[0]:
User enumeration via covert timing channel

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6210
[1] http://seclists.org/fulldisclosure/2016/Jul/51

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:6.7p1-5+deb8u3

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 831...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS)  (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 21 Jul 2016 15:51:59 +
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 
ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source amd64 all
Version: 1:6.7p1-5+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Debian OpenSSH Maintainers 
Changed-By: Laszlo Boszormenyi (GCS) 
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote 
machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote 
machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access 
from remot
 ssh- secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for 
ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 831902
Changes:
 openssh (1:6.7p1-5+deb8u3) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2016-6210: User enumeration via covert timing channel
 (closes: #831902).
Checksums-Sha1:
 bff143012193cc818be87fb2cc85a701e4dd94fc 2709 openssh_6.7p1-5+deb8u3.dsc
 7c31b32b12a8b9aadc9b3e8fbee3b56dc8f0795f 150272 
openssh_6.7p1-5+deb8u3.debian.tar.xz
 868ac10a0246f4601fb91075e5999cca4b4e21ab 690360 
openssh-client_6.7p1-5+deb8u3_amd64.deb
 725cfad83f996522a8a83e7119d53a6da67398d0 331268 
openssh-server_6.7p1-5+deb8u3_amd64.deb
 2af338add69ac295737b61d718b92dca84d9ebba 37996 
openssh-sftp-server_6.7p1-5+deb8u3_amd64.deb
 7addc7869745a752f2af72d3499da3f37b435274 119790 ssh_6.7p1-5+deb8u3_all.deb
 f00b07ce403ec1cc2e6851a8f5d281d91748 119334 ssh-krb5_6.7p1-5+deb8u3_all.deb
 d50a45e202a6e66594ed050493b4135516c9a527 127466 
ssh-askpass-gnome_6.7p1-5+deb8u3_amd64.deb
 6b7b8b1d27ed4ca3581894dac5827cc895cfff88 259646 
openssh-client-udeb_6.7p1-5+deb8u3_amd64.udeb
 ebbe59699881d10e25233a3db9ea1f40f615d63d 286308 
openssh-server-udeb_6.7p1-5+deb8u3_amd64.udeb
Checksums-Sha256:
 3680d33c9638af9d0f249bee3444b490b0a1fa4ea11a04e1b97fe6e081ce8537 2709 
openssh_6.7p1-5+deb8u3.dsc
 a2f486b45310b86816fbd5b85ad61493d9b07ac3290a7b4f773747e7a47b6759 150272 
openssh_6.7p1-5+deb8u3.debian.tar.xz
 0cfb382650c3263349f4829f3423833c650cb0c665b731be66d5d72f9779099d 690360 
openssh-client_6.7p1-5+deb8u3_amd64.deb
 0376c483b3bfe1c12e87744b11391a47c8f40eecce629c00176535a716761a58 331268 
openssh-server_6.7p1-5+deb8u3_amd64.deb
 

Bug#832155: New ssh-session-cleanup.service kills ssh user session during upgrade

[Colin Watson]

On Sun, Jul 24, 2016 at 01:38:25AM +0200, Michael Biebl wrote:
> I referenced in my other reply that the network.target ordering has just
> been added recently (in v230). So it is possible that previously there
> was still an issue on shutdown. This is fixed now.

Do you plan to update jessie with this fix?  I ask because I've had
requests to make this openssh change available in jessie-backports.

> Besides, there are many other reasons why you really want libpam-systemd
> in combination with SSH.
> You really want the user process be tracked as part of the user session,
> so you can properly apply resource limits or safely kill user sessions.

Sure.  But non-systemd users don't need libpam-systemd at all in this
case (I'm aware that there are other cases where they may do), and it's
just noise for them; and in the case of a package such as openssh-server
that's often installed on very minimal systems indeed, they may not
previously have needed to deal with resolving libpam-systemd's
dependencies.  Unfortunately there's no good way to say "Depends:
libpam-systemd, but only if systemd is pid 1".

It's unfortunate that we don't have a good way to simply be able to
assume that all systemd users have libpam-systemd installed, which is
what I'd really prefer to be able to do here.

> > I think I'll add a Recommends on it, but I really want
> > openssh-server to be usable on very minimal systems, including those
> > using other init systems, without having to deal with dependency
> > strangenesses.
> 
> Please disable the ssh-session-cleanup.service hack by default if you
> don't want to remove it. Or better, ship it as an example file.

Compromise proposal: how about I make it do nothing if libpam-systemd is
installed (e.g. "ConditionPathExists=!/usr/share/pam-configs/systemd",
which is probably the simplest available check without needing to deal
with multiarch paths), in which case presumably the hack isn't needed?
(For backports to jessie, such a check would need to be deleted, unless
you plan to backport the ordering fix as requested above.)

> I really don't what such service file be installed (and active) by
> default on every system. People might see it and think it's actually ok
> to apply such hacks.

I'd be happy to add a warning comment to discourage that.  The script is
short enough that such a comment would be unlikely to be overlooked.

-- 
Colin Watson   [cjwat...@debian.org]

Bug#832155: New ssh-session-cleanup.service kills ssh user session during upgrade

[Michael Biebl]

Am 24.07.2016 um 17:47 schrieb Colin Watson:
> On Sun, Jul 24, 2016 at 01:38:25AM +0200, Michael Biebl wrote:

>> I referenced in my other reply that the network.target ordering has just
>> been added recently (in v230). So it is possible that previously there
>> was still an issue on shutdown. This is fixed now.
> 
> Do you plan to update jessie with this fix? 

I can do that. Unfortunately I've already filed the jessie-pu bug for
systemd a couple of hours ago (#832336, for 8.6), but I could update the
pu request accordingly.
I see what I can do, otherwise it will be in the next stable point
release, i.e 8.7

> dependencies.  Unfortunately there's no good way to say "Depends:
> libpam-systemd, but only if systemd is pid 1".

Right, we do not have conditional Depends. But since sysvinit-core is
the only existing alternative in stretch, we could use Depends:
libpam-systemd | sysvinit-core. It's slighly ugly but would probably do
the trick.


> It's unfortunate that we don't have a good way to simply be able to
> assume that all systemd users have libpam-systemd installed, which is
> what I'd really prefer to be able to do here.

I am more and more inclined that we should simply make libpam-systemd a
hard dependency of either systemd or systemd-sysv.

>> Please disable the ssh-session-cleanup.service hack by default if you
>> don't want to remove it. Or better, ship it as an example file.
> 
> Compromise proposal: how about I make it do nothing if libpam-systemd is
> installed (e.g. "ConditionPathExists=!/usr/share/pam-configs/systemd",
> which is probably the simplest available check without needing to deal
> with multiarch paths), in which case presumably the hack isn't needed?
> (For backports to jessie, such a check would need to be deleted, unless
> you plan to backport the ordering fix as requested above.)

I'm still pretty much convinced that a hack like this should not be
shipped by default, which is totally unnecessary for a default
installation. It set's a wrong precedent.
If we start piling up hacks like this, in 10 years we are back at that
mess that sysvinit has become.

Regards,
Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

openssh_6.7p1-5+deb8u3_amd64.changes ACCEPTED into proposed-updates->stable-new

[Debian FTP Masters]

Mapping stable-security to proposed-updates.

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 21 Jul 2016 15:51:59 +
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 
ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source amd64 all
Version: 1:6.7p1-5+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Debian OpenSSH Maintainers 
Changed-By: Laszlo Boszormenyi (GCS) 
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote 
machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote 
machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access 
from remot
 ssh- secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for 
ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 831902
Changes:
 openssh (1:6.7p1-5+deb8u3) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2016-6210: User enumeration via covert timing channel
 (closes: #831902).
Checksums-Sha1:
 bff143012193cc818be87fb2cc85a701e4dd94fc 2709 openssh_6.7p1-5+deb8u3.dsc
 7c31b32b12a8b9aadc9b3e8fbee3b56dc8f0795f 150272 
openssh_6.7p1-5+deb8u3.debian.tar.xz
 868ac10a0246f4601fb91075e5999cca4b4e21ab 690360 
openssh-client_6.7p1-5+deb8u3_amd64.deb
 725cfad83f996522a8a83e7119d53a6da67398d0 331268 
openssh-server_6.7p1-5+deb8u3_amd64.deb
 2af338add69ac295737b61d718b92dca84d9ebba 37996 
openssh-sftp-server_6.7p1-5+deb8u3_amd64.deb
 7addc7869745a752f2af72d3499da3f37b435274 119790 ssh_6.7p1-5+deb8u3_all.deb
 f00b07ce403ec1cc2e6851a8f5d281d91748 119334 ssh-krb5_6.7p1-5+deb8u3_all.deb
 d50a45e202a6e66594ed050493b4135516c9a527 127466 
ssh-askpass-gnome_6.7p1-5+deb8u3_amd64.deb
 6b7b8b1d27ed4ca3581894dac5827cc895cfff88 259646 
openssh-client-udeb_6.7p1-5+deb8u3_amd64.udeb
 ebbe59699881d10e25233a3db9ea1f40f615d63d 286308 
openssh-server-udeb_6.7p1-5+deb8u3_amd64.udeb
Checksums-Sha256:
 3680d33c9638af9d0f249bee3444b490b0a1fa4ea11a04e1b97fe6e081ce8537 2709 
openssh_6.7p1-5+deb8u3.dsc
 a2f486b45310b86816fbd5b85ad61493d9b07ac3290a7b4f773747e7a47b6759 150272 
openssh_6.7p1-5+deb8u3.debian.tar.xz
 0cfb382650c3263349f4829f3423833c650cb0c665b731be66d5d72f9779099d 690360 
openssh-client_6.7p1-5+deb8u3_amd64.deb
 0376c483b3bfe1c12e87744b11391a47c8f40eecce629c00176535a716761a58 331268 
openssh-server_6.7p1-5+deb8u3_amd64.deb
 19d84f32345060bbc79522f8e9ed773d28a37edb5d9cd8cf83384f27f848a220 37996 
openssh-sftp-server_6.7p1-5+deb8u3_amd64.deb
 257a7a22101067758b9b95792d3f6f5705b8a5b00b14f0ef63553db28b4eb45e 119790 
ssh_6.7p1-5+deb8u3_all.deb
 78bfef7c0299c70fc35aa9af601d2512ffb63bffd32ee75dbd92fa4885528a8a 119334 
ssh-krb5_6.7p1-5+deb8u3_all.deb
 e56238724132239d530fd7cd92679b4e4f5b6bc4c4b9dec1c5f543b82c2dbd03 127466 
ssh-askpass-gnome_6.7p1-5+deb8u3_amd64.deb
 463a40912de0499820501026ee29284ab4429b97a24cac34c1b9ff6be410f243 259646 
openssh-client-udeb_6.7p1-5+deb8u3_amd64.udeb
 938912669db7b2bc924e3ac202c8142342334e12b018db2a8fb0bc3ec1dd61a9 286308 
openssh-server-udeb_6.7p1-5+deb8u3_amd64.udeb
Files:
 4a60c718008cad0c665a7e354a9d02da 2709 net standard openssh_6.7p1-5+deb8u3.dsc
 c95ae17d1c3cb77453453846f32e 150272 net standard 
openssh_6.7p1-5+deb8u3.debian.tar.xz
 1d6685072b0fbb99480eba30d2da0d46 690360 net standard 
openssh-client_6.7p1-5+deb8u3_amd64.deb
 7dce77acd12b801bb5d5d901f4380d3f 331268 net optional 
openssh-server_6.7p1-5+deb8u3_amd64.deb
 c29c13fd32670a16464b805a41790608 37996 net optional 
openssh-sftp-server_6.7p1-5+deb8u3_amd64.deb
 18ab5922af1b6841078eb9bab46cb2ef 119790 net extra ssh_6.7p1-5+deb8u3_all.deb
 1f779b09429f37d9d3a37c9b59370c45 119334 oldlibs extra 
ssh-krb5_6.7p1-5+deb8u3_all.deb
 995528c208b70003a697fbd9b52aa577 127466 gnome optional 
ssh-askpass-gnome_6.7p1-5+deb8u3_amd64.deb
 c657a8c5bfb1043a7e62bba3134e81ca 259646 debian-installer optional 
openssh-client-udeb_6.7p1-5+deb8u3_amd64.udeb
 fc39fa3123e64058e1bec2201a169e5c 286308 debian-installer optional 
openssh-server-udeb_6.7p1-5+deb8u3_amd64.udeb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCAAGBQJXklxPAAoJENzjEOeGTMi/xf8P/2yfRdRdVjyyJwwNS2LVfhjf
fODvgyZwOpP20WTl59hCYqKIOZDkU27/QuHZl1s9qTuroPD8jgApKTg0slNdaaxV
TKOjPnsR2SsgdPDQTR9Fuemg9dBtQkDNEC8jwbbSZtEugpf5pSaC7kx8O2K3jIaP
ar2w2ZLmCPIp2lI5QceauE51H1p/yrQjmTKQIXNhMaEK0di/JWS3xnNtr3ebcU6S
0bGCA+p7Xtz/1QyRp0DfEIvz4YWLY3BOu1fVIe/4klvRP61KYca+fmKM2xR6rHmD
+rm+m2Bkq5jKUeMWoZYvFJZrG4ZKLVunAiOjCKQarJo26jv8k3oTZeRiUxGq6bbe
U+OaGFPO8bLra0dMMVwoOmLtSnJh+Nsiid5gA614wFbgCByQfUSWuoUB1/LRb8uX
yqV/h7TT8FRn3UcmYINSHmElJd2sxqtKFNzyFj36hpqvNAR4YJS7+2TlKeFRWDfW

Processing of openssh_6.7p1-5+deb8u3_amd64.changes

[Debian FTP Masters]

openssh_6.7p1-5+deb8u3_amd64.changes uploaded successfully to localhost
along with the files:
  openssh_6.7p1-5+deb8u3.dsc
  openssh_6.7p1-5+deb8u3.debian.tar.xz
  openssh-client_6.7p1-5+deb8u3_amd64.deb
  openssh-server_6.7p1-5+deb8u3_amd64.deb
  openssh-sftp-server_6.7p1-5+deb8u3_amd64.deb
  ssh_6.7p1-5+deb8u3_all.deb
  ssh-krb5_6.7p1-5+deb8u3_all.deb
  ssh-askpass-gnome_6.7p1-5+deb8u3_amd64.deb
  openssh-client-udeb_6.7p1-5+deb8u3_amd64.udeb
  openssh-server-udeb_6.7p1-5+deb8u3_amd64.udeb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)