close 707475 1:6.2p2-1
thanks
--
To UNSUBSCRIBE, email to debian-ssh-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1368729258-3943-bts-car...@debian.org
Hi,
On Fri, Aug 21, 2015 at 11:35:08AM +0200, bgr...@toplitzer.net wrote:
Source: openssh
Severity: important
Tags: upstream security
According to [1] specially crafted filenames containing control characters
can cause scp to execute commands in the current shell. This works also on
Source: openssh
Version: 1:6.7p1-5
Severity: normal
Tags: security upstream
Hi
See http://www.openwall.com/lists/oss-security/2015/07/23/4 for
details.
Regards,
Salvatore
Hi,
On Fri, Jan 15, 2016 at 02:55:43PM +0100, Moritz Muehlenhoff wrote:
> On Fri, Jan 15, 2016 at 02:50:33PM +0100, Yves-Alexis Perez wrote:
> > On ven., 2016-01-15 at 14:47 +0100, Guido Günther wrote:
> > > > I believe Yves-Alexis Perez is handling this.
> > >
> > > I figured Mike's mail is
: wheezy-security
Urgency: high
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
openssh-client - secure shell (SSH) client, for secure access to remote
machines
openssh-client-udeb - secure
Distribution: jessie-security
Urgency: high
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
openssh-client - secure shell (SSH) client, for secure access to remote
machines
openssh-client-udeb -
Source: openssh
Version: 1:7.2p2-5
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for openssh.
CVE-2016-6210[0]:
User enumeration via covert timing channel
If you fix the vulnerability please also make sure to include the
CVE (Common
Source: openssh
Version: 1:6.7p1-5
Severity: normal
Tags: security upstream
Hi,
the following vulnerability was published for openssh.
CVE-2016-8858[0]:
|Memory exhaustion due to unregistered KEXINIT handler after receiving
|message
If you fix the vulnerability please also make sure to include
Source: openssh
Version: 1:7.3p1-5
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for openssh.
CVE-2016-10009[0]:
|ssh-agent(1): load PKCS#11 modules from paths outside a trusted
|whitelist
If you fix the vulnerability please also make sure to include
Hi Ferenc,
On Tue, Jan 31, 2017 at 04:23:07PM +0100, Ferenc Wágner wrote:
> Hi,
>
> How is this supposed to work now? On a fresh stretch install, with
> /etc/ssh/sshd_config being identical to /usr/share/openssh/sshd_config,
> dpkg-reconfigure openssh-server does not ask anything:
>
> #
Control: retitle -1 openssh: CVE-2018-15473: delay bailout for invalid
authenticating user until after the packet
This got CVE-2018-15473 assigned.
Regards,
Salvatore
Source: openssh
Version: 1:6.7p1-1
Severity: normal
Tags: security upstream
Hi,
The following vulnerability was published for openssh, filing as a bug
in BTS mainly for tracking. I do not think a DSA is needed for it, and
as a side note, upstream does not want to treat such a user
enumeration as
Source: openssh
Version: 1:6.7p1-5+deb8u6
Severity: normal
Hi
DLA-1500-1 introduced the following regression: In cases where
ForwardX11 is enabled, say globally for all via ssh_config, or via
command line switch, but no DISPLAY is set (e.g. in cronjob), then newly
a
> DISPLAY "(null)" invalid;
Source: openssh
Version: 1:7.9p1-4
Severity: important
Tags: patch security upstream
Control: found -1 1:7.4p1-10
Control: found -1 1:7.4p1-10+deb9u4
Hi,
The following vulnerability was published for openssh.
CVE-2018-20685[0]:
| In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers
match what the client
+requested (Closes: #923486)
+
+ -- Salvatore Bonaccorso Thu, 28 Feb 2019 22:45:36 +0100
+
openssh (1:7.9p1-8) unstable; urgency=medium
[ Colin Watson ]
diff -Nru openssh-7.9p1/debian/patches/series
openssh-7.9p1/debian/patches/series
--- openssh-7.9p1/debian/patches
Hi
Unchecked yet, but there was a related follow up commit upstream as
per
https://anongit.mindrot.org/openssh.git/commit/?id=3d896c157c722bc47adca51a58dca859225b5874
Regards,
Salvatore
Hi Colin,
On Sat, Oct 05, 2019 at 11:14:22PM +0100, Colin Watson wrote:
> On Sat, Oct 05, 2019 at 10:58:18PM +0200, Sebastian Andrzej Siewior wrote:
> > On 2019-10-05 21:34:22 [+0200], Salvatore Bonaccorso wrote:
> > > Or maybe it would be worth as an option to reass
Source: openssh
Version: 1:8.4p1-6
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 1:8.4p1-5
Control: found -1 1:7.9p1-10+deb10u2
Control: found -1 1:7.9p1-10
Hi,
The following vulnerability was published for openssh.
Source: openssh
Version: 1:9.2p1-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for openssh.
CVE-2023-28531[0]:
| ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without
| the
Source: openssh
Version: 1:9.6p1-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi Colin,
The following vulnerability was published for openssh. This is for now
just to track the issue as pointed out by a current paper. Apparently
openssh and