** Patch added: "lp1794629-artful.debdiff" https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1794629/+attachment/5200768/+files/lp1794629-artful.debdiff
** Patch removed: "bionic-upstream-delay-bailout-for-invalid-authenticating-user.patch" https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1794629/+attachment/5200217/+files/bionic-upstream-delay-bailout-for-invalid-authenticating-user.patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1794629 Title: CVE-2018-15473 - User enumeration vulnerability Status in openssh package in Ubuntu: Confirmed Bug description: https://nvd.nist.gov/vuln/detail/CVE-2018-15473 OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. Fixed in Debian: https://www.debian.org/security/2018/dsa-4280 Currently pending triage? https://people.canonical.com/~ubuntu- security/cve/2018/CVE-2018-15473.html To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1794629/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
