* Florian Weimer:

> Debian-specific: no
>
> It has been discovered that the signal handler implementing the login
> timeout in Debian's version of the OpenSSH server uses functions which
> are not async-signal-safe, leading to a denial of service
> vulnerability (CVE-2008-4109).
>
> The problem was originally corrected in OpenSSH 4.4p1 (CVE-2006-5051),
> but the patch backported to the version released with etch was
> incorrect.

Regarding the apparent inconsistency: the incorrect patch was not just
used by Debian, but also by other distributions. The upstream fix was
correct, though, so some backported patches for CVE-2006-5051 are not
affected by CVE-2008-4109, hence the two CVE names.

The missing mipsel packages will be delivered as soon as they are
available.
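The bug class named in the advisory, shown as an added example (not code from OpenSSH or from any distribution's patch): a login grace timer whose SIGALRM handler only sets a flag, so that the timeout is acted on in normal context. The names `wait_for_auth`, `safe_grace_handler` and `grace_expired` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/select.h>
#include <unistd.h>

/* UNSAFE pattern, for contrast: a handler that logs, frees memory or calls
 * stdio. Those routines are not async-signal-safe; if the signal lands while
 * the main code is inside them, the process can deadlock or corrupt state. */
/* SAFE: the handler only records the event in a sig_atomic_t flag. */
static volatile sig_atomic_t grace_expired;
void safe_grace_handler(int sig)
{
    (void)sig;
    grace_expired = 1;
}

/* Returns bytes read from fd, -1 if the grace period expired, -2 on error. */
long wait_for_auth(int fd, unsigned grace_seconds, char *buf, size_t len)
{
    struct sigaction sa;
    sigset_t block, wait_mask;
    fd_set rfds;
    int ready;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = safe_grace_handler;
    sigemptyset(&sa.sa_mask);
    sigemptyset(&block);
    sigaddset(&block, SIGALRM);
    /* SIGALRM stays blocked except inside pselect(), so it cannot be lost. */
    if (sigaction(SIGALRM, &sa, NULL) || sigprocmask(SIG_BLOCK, &block, &wait_mask))
        return -2;
    sigdelset(&wait_mask, SIGALRM);
    grace_expired = 0;
    alarm(grace_seconds);
    do {
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        ready = pselect(fd + 1, &rfds, NULL, NULL, NULL, &wait_mask);
    } while (ready < 0 && errno == EINTR && !grace_expired);
    alarm(0);
    sigprocmask(SIG_SETMASK, &wait_mask, NULL);
    if (ready < 0)
        return grace_expired ? -1 : -2; /* caller logs and cleans up in normal context */
    return (long)read(fd, buf, len);
}
```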

