Re: CVE triage in the tracker

2018-05-15 Thread Yves-Alexis Perez
On Tue, 2018-05-15 at 00:14 -0400, Hugo Lefeuvre wrote: > but I'm pretty sure it was wrong, so I changed[0] it to > > [wheezy] - ming 0.4.4-1.1+deb7u8 > > Still I'm not completely sure it's the right way to proceed. Can anybody > take a look ?

Re: [Pkg-swan-devel] Wheezy update of strongswan?

2017-09-01 Thread Yves-Alexis Perez
On Thu, 2017-08-17 at 19:25 +0200, Ola Lundqvist wrote: > If you don't want to take care of this update, it's not a problem, we > will do our best with your package. Just let us know whether you would > like to review and/or test the updated package before it gets released. Yes, I'll handle the

[SECURITY] [DLA 973-1] strongswan security update

2017-06-01 Thread Yves-Alexis Perez
Package: strongswan Version: 4.5.2-1.5+deb7u9 CVE ID : CVE-2017-9022 CVE-2017-9023 Two denial of service vulnerabilities were identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project.

Re: Wheezy update of strongswan?

2017-06-01 Thread Yves-Alexis Perez
On Thu, 2017-06-01 at 16:31 +0200, Guido Günther wrote: > Dear maintainer(s), > > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of strongswan: > https://security-tracker.debian.org/tracker/CVE-2017-9023 >

Re: squeeze update of openssh?

2016-01-15 Thread Yves-Alexis Perez
On ven., 2016-01-15 at 14:47 +0100, Guido Günther wrote: > > I believe Yves-Alexis Perez is handling this. > > I figured Mike's mail is related to > >     TEMP-000 Eliminate the fallback from untrusted X11-forwarding to > trusted forwarding for cases when the X server

Re: squeeze update of openssh?

2016-01-15 Thread Yves-Alexis Perez
enssh: > > https://security-tracker.debian.org/tracker/source-package/openssh > > > > Would you like to take care of this yourself? > [...] > > I believe Yves-Alexis Perez is handling this. I might have failed something (I'm not overly familiar with squeeze-lts), but I di

[SECURITY] [DLA 387-1] openssh security update

2016-01-14 Thread Yves-Alexis Perez
, especially in non interactive setups (automated jobs using ssh, scp, rsync+ssh etc.) are advised to update their keys if they have connected to an SSH server they don't trust. More details about identifying an attack and mitigations can be found in the Qualys Security Advisory. - -- Yves-Alexis

Accepted openssh 1:5.5p1-6+squeeze8 (source amd64 all) into squeeze-lts

2016-01-14 Thread Yves-Alexis Perez
: squeeze-lts Urgency: high Maintainer: Debian OpenSSH Maintainers <debian-...@lists.debian.org> Changed-By: Yves-Alexis Perez <cor...@debian.org> Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-udeb - secure shell client fo

Accepted strongswan 4.4.1-5.8 (source all amd64) into squeeze-lts

2015-11-19 Thread Yves-Alexis Perez
: squeeze-lts Urgency: high Maintainer: Rene Mayrhofer <rm...@debian.org> Changed-By: Yves-Alexis Perez <cor...@debian.org> Description: libstrongswan - strongSwan utility and crypto library strongswan - IPsec VPN solution metapackage strongswan-dbg - strongSwan library and binaries

[SECURITY] [DLA 345-1] strongswan security update

2015-11-19 Thread Yves-Alexis Perez
Package: strongswan Version: 4.4.1-5.8 CVE ID : CVE-2015-8023 Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite. Due to insufficient validation of its local state the server

Re: squeeze update of strongswan?

2015-06-12 Thread Yves-Alexis Perez
On mar., 2015-06-09 at 17:29 +0200, Raphael Hertzog wrote: Would you like to take care of this yourself? We are still understaffed so any help is always highly appreciated. done -- Yves-Alexis

[SECURITY] [DLA 244-1] strongswan security update

2015-06-11 Thread Yves-Alexis Perez
by the client could trick the user into continuing the authentication, revealing the username and password digest (for EAP) or even the cleartext password (if EAP-GTC is accepted). - -- Yves-Alexis Perez

Re: squeeze update of strongswan?

2015-06-09 Thread Yves-Alexis Perez
On mar., 2015-06-09 at 17:29 +0200, Raphael Hertzog wrote: the Debian LTS team would like to fix the security issues which are currently open in the Squeeze version of strongswan: https://security-tracker.debian.org/tracker/CVE-2015-4171 Would you like to take care of this yourself? We are