Package: openssh-client Version: 1:5.1p1-2 Severity: minor
When running ssh-vulnkey -a on a system with no compromised keys, I used to get no output. I would argue this to be the correct behaviour. Now, however I get # # See the ssh-vulnkey(1) manual page for further advice. which is an entirely superfluous, and even misleading message as it would seem to suggest there is something wrong that reading the manpage might explain. Anyone with half a brain operating a Debian system with ssh enabled should know not only to read this man page, but also the scores of other information about how to mitigate this vulnerability. This is also very inconvienient for running ssh-vulnkey -a in cron, which must now filter out this message so it doesn't email root when there's nothing wrong. Kevin -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (600, 'testing'), (400, 'unstable'), (300, 'stable'), (200, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1) (ignored: LC_ALL set to en_GB) Shell: /bin/sh linked to /bin/bash Versions of packages openssh-client depends on: ii adduser 3.108 add and remove users and groups ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy ii dpkg 1.14.20 Debian package management system ii libc6 2.7-13 GNU C Library: Shared libraries ii libcomerr2 1.41.0-3 common error description library ii libedit2 2.11~20080614-1 BSD editline and history libraries ii libkrb53 1.6.dfsg.4~beta1-3 MIT Kerberos runtime libraries ii libncurses5 5.6+20080713-1 shared libraries for terminal hand ii libssl0.9.8 0.9.8g-13 SSL shared libraries ii passwd 1:4.1.1-3 change and administer password and ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime Versions of packages openssh-client recommends: ii openssh-blacklist 0.4.1 list of default blacklisted OpenSS ii openssh-blacklist-extra 0.4.1 list of non-default blacklisted Op ii xauth 1:1.0.3-2 X authentication utility Versions of packages openssh-client suggests: pn keychain <none> (no description available) pn libpam-ssh <none> (no description available) pn ssh-askpass <none> (no description available) -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
