Your message dated Fri, 24 Aug 2018 13:52:09 +0000
with message-id <e1ftcvv-000g37...@fasolo.debian.org>
and subject line Bug#906236: fixed in openssh 1:7.4p1-10+deb9u4
has caused the Debian Bug report #906236,
regarding openssh: CVE-2018-15473: delay bailout for invalid authenticating
user until after the packet
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
906236: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906236
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openssh
Version: 1:7.7p1-1
Severity: important
Tags: patch security upstream
Hi
See http://www.openwall.com/lists/oss-security/2018/08/15/5 for
details.
Upstream patch:
https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:7.4p1-10+deb9u4
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 906...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sebastien Delafond <s...@debian.org> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 21 Aug 2018 05:14:18 +0200
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source amd64 all
Version: 1:7.4p1-10+deb9u4
Distribution: stretch-security
Urgency: high
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Sebastien Delafond <s...@debian.org>
Description:
openssh-client - secure shell (SSH) client, for secure access to remote machines
openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell (SSH) server, for secure access from remote machines
openssh-server-udeb - secure shell server for the Debian installer (udeb)
openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 906236
Changes:
openssh (1:7.4p1-10+deb9u4) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team
* CVE-2018-15473: fix username enumeration issue, initially reported by Dariusz Tytko and Michal Sajdak (Closes: #906236)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---