On Wed, Mar 10, 2010 at 11:56:39AM -0600, Alicia Smith wrote: > I would like to know if the latest Lenny package is vulnerable as > indicated in CVE-2006-4925. > > The security-tracker is showing conflicting information and I can't seem > to find a bug-report on this.
This vulnerability was fixed upstream in OpenSSH 4.4p1. Lenny has OpenSSH 5.1p1, which includes this fix. I'm not sure we ever issued a DSA for this, and I apparently didn't record it in the package changelog, so CCing [email protected] in case some bit of tracking metadata needs to be updated somewhere. Thanks, -- Colin Watson [[email protected]] -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
