Quantcast

Bug#700102: openssh: CVE-2010-5107 trivial DoS due to default configuration

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Bug#700102: openssh: CVE-2010-5107 trivial DoS due to default configuration

Nico Golde-6
Package: openssh-server
Severity: important
Tags: security patch

Hi,
the following vulnerability was published for openssh-server.

CVE-2010-5107[0]:
http://www.openwall.com/lists/oss-security/2013/02/06/5

This resulted in the following upstream changes:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

It would be also great if you could push this to stable-proposed-updates so
this is changed for wheezy.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107
    http://security-tracker.debian.org/tracker/CVE-2010-5107

Please adjust the affected versions in the BTS as needed.

--
Nico Golde - http://www.ngolde.de - [hidden email] - GPG: 0xA0A0AAAA

attachment0 (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Bug#700102: marked as done (openssh: CVE-2010-5107 trivial DoS due to default configuration)

Debian Bug Tracking System
Your message dated Fri, 08 Feb 2013 21:39:15 +0000
with message-id <[hidden email]>
and subject line Bug#700102: fixed in openssh 1:6.1p1-3
has caused the Debian Bug report #700102,
regarding openssh: CVE-2010-5107 trivial DoS due to default configuration
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [hidden email]
immediately.)


--
700102: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700102
Debian Bug Tracking System
Contact [hidden email] with problems

Package: openssh-server
Severity: important
Tags: security patch

Hi,
the following vulnerability was published for openssh-server.

CVE-2010-5107[0]:
http://www.openwall.com/lists/oss-security/2013/02/06/5

This resulted in the following upstream changes:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

It would be also great if you could push this to stable-proposed-updates so
this is changed for wheezy.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107
    http://security-tracker.debian.org/tracker/CVE-2010-5107

Please adjust the affected versions in the BTS as needed.

--
Nico Golde - http://www.ngolde.de - [hidden email] - GPG: 0xA0A0AAAA

Source: openssh
Source-Version: 1:6.1p1-3

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [hidden email],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <[hidden email]> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [hidden email])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 08 Feb 2013 21:07:31 +0000
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:6.1p1-3
Distribution: experimental
Urgency: low
Maintainer: Debian OpenSSH Maintainers <[hidden email]>
Changed-By: Colin Watson <[hidden email]>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 700102
Changes:
 openssh (1:6.1p1-3) experimental; urgency=low
 .
   * Give ssh and ssh-krb5 versioned dependencies on openssh-client and
     openssh-server, to try to reduce confusion when people run 'apt-get
     install ssh' or similar and expect that to upgrade everything relevant.
   * CVE-2010-5107: Improve DoS resistance by changing default of MaxStartups
     to 10:30:100 (closes: #700102).
Checksums-Sha1:
 eeb38de8b72ca118b40bf429a4a10383adc948dc 2556 openssh_6.1p1-3.dsc
 f7a5b1555a20c41188e1656b46fc610a34b475d5 249520 openssh_6.1p1-3.debian.tar.gz
 5ead240be0aea5c9b70d40e35aa3bd5863ffcc8a 1055940 openssh-client_6.1p1-3_i386.deb
 2c15da512363ab0c234fff29d5882edc5facc7cb 344980 openssh-server_6.1p1-3_i386.deb
 e53ceb8761fd33f38ab8c429b71bbda8af5fb290 1258 ssh_6.1p1-3_all.deb
 14c3d4f7798663e62403542fca5953b734c3db06 93034 ssh-krb5_6.1p1-3_all.deb
 4254c3bb3040b32e991163c25cdd6e5e2dd4ccf0 100988 ssh-askpass-gnome_6.1p1-3_i386.deb
 e3592d4afe31a2aef42fa91204f7ca28fed5aad3 181878 openssh-client-udeb_6.1p1-3_i386.udeb
 3c976e70527cf7f35eb2422ffcd1930fff73a071 195648 openssh-server-udeb_6.1p1-3_i386.udeb
Checksums-Sha256:
 10dd2e0e8662220cff3cd477accdd575a37504986fb816302f559a12f689fe12 2556 openssh_6.1p1-3.dsc
 319d082859b0b44b82b5b35e97d52fc4456009f8320fd78f14071b0efd6092d4 249520 openssh_6.1p1-3.debian.tar.gz
 c668e0309426f9d0ab185e1936eac7142ab4c2e508765982d1939a362aad1edf 1055940 openssh-client_6.1p1-3_i386.deb
 f7ea9dd6546a33adc0b3a7a4df2a068b65da717964a12f46094b85842f85eddb 344980 openssh-server_6.1p1-3_i386.deb
 f49b43dd5feed06b631a8f0309b698558230b0ec366880d4492b823221d453dc 1258 ssh_6.1p1-3_all.deb
 748bd5e72e79e0dedc4c79f428eace89d154529932988aed17d5da2a4ff2b89f 93034 ssh-krb5_6.1p1-3_all.deb
 85085eaa4f7c0e64ed7542aa9b55b00aacbd4468765dc9c6efcaba2cceb6598c 100988 ssh-askpass-gnome_6.1p1-3_i386.deb
 66244f51eeb2d70b214d35994f34e88549fa0f8ff1705a6341d176b104ccf355 181878 openssh-client-udeb_6.1p1-3_i386.udeb
 33223d154e17f9069e93ea9e9606a8342aadc3e6332fb98b707c20823bf041f1 195648 openssh-server-udeb_6.1p1-3_i386.udeb
Files:
 3eab7d38b6471015beeb747f2cd5be5e 2556 net standard openssh_6.1p1-3.dsc
 71664317fdb3b5e81a3c919b595cb3c2 249520 net standard openssh_6.1p1-3.debian.tar.gz
 327e94d49c040091f8b947f66ffc8ab5 1055940 net standard openssh-client_6.1p1-3_i386.deb
 e3b46fed288b951ccdb200ae9f2ce511 344980 net optional openssh-server_6.1p1-3_i386.deb
 0f145e949e4330f3d01dd8752793ddae 1258 net extra ssh_6.1p1-3_all.deb
 5b460dc6032ab534aa177693b67e0d8c 93034 oldlibs extra ssh-krb5_6.1p1-3_all.deb
 8468f13626ad3ddc8bf60219d197298b 100988 gnome optional ssh-askpass-gnome_6.1p1-3_i386.deb
 9e60a8dc6ac5c30ad5c8dc5c2938e84d 181878 debian-installer optional openssh-client-udeb_6.1p1-3_i386.udeb
 37395755c815dc519fc0fc441b2ee82d 195648 debian-installer optional openssh-server-udeb_6.1p1-3_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Colin Watson <[hidden email]> -- Debian developer

iQIVAwUBURVsajk1h9l9hlALAQgAOA/+K0+l8GjzkoyKe3LvpPitF/zzaNYulte7
Kmqm8GpGAiZsJpK+12ELKZtg83ohUhUWkeR0sODp8rt8Kzln+bkAVaENrlC/UYCJ
0n4tIBu7tItOFBvp70YtTgTw+Gj2KrhQm5apHYxtRlNSn/SD82UL91PJHPvF5aRe
HwCnbVImuRKP/6DpPRE1HxIvzeh36EW1ueHszfacqii+dnO4LYDKtKTzLQ7Tf50k
sbKUBtoOb81HmlbK6z5I+RXyczOWuZHd1dxC/2YDWb4/IPsm2yOmtWa9K9+BFfxk
DXs/+jS/U14xvrRXtH4SjyIpuEVTjOwFB6YpQT1J1Vw43Pit2iy71oFrZcuqFnpi
BXVmzr1e2Yujx4LVccrpLWox+gzhRYcbYLeEPClAVLVIyDxMEjIyVEKVfrQ9QXpj
EvpoS9Ko6rMoTSzaugvCBiUKLTHu1YXLzR1NplhLDkd+dAPItZneqVxdNduCLVtD
usz6+ZDuy4+YOSfW9b/GA0D1w6ACfOYf30CRd+W+9TSZR7GJ80VNAVK4ovNaK4Ba
PVjvHOR4ubefQS3BIcAm+bUdIKHTO4Qd86w6Nhbbabaju4TPvZQ0oIzQiW4ns93L
gbHtkpSAxbEX2s39B1ipkTNQR4MxIGdGQf6IAg64D2xNH7dspgoNVa8I3H4E70aI
jY74iBkbdXM=
=iIIk
-----END PGP SIGNATURE-----

attachment0 (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Bug#700102: marked as done (openssh: CVE-2010-5107 trivial DoS due to default configuration)

Debian Bug Tracking System
In reply to this post by Nico Golde-6
Your message dated Fri, 08 Feb 2013 21:48:28 +0000
with message-id <[hidden email]>
and subject line Bug#700102: fixed in openssh 1:6.0p1-4
has caused the Debian Bug report #700102,
regarding openssh: CVE-2010-5107 trivial DoS due to default configuration
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [hidden email]
immediately.)


--
700102: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700102
Debian Bug Tracking System
Contact [hidden email] with problems

Package: openssh-server
Severity: important
Tags: security patch

Hi,
the following vulnerability was published for openssh-server.

CVE-2010-5107[0]:
http://www.openwall.com/lists/oss-security/2013/02/06/5

This resulted in the following upstream changes:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

It would be also great if you could push this to stable-proposed-updates so
this is changed for wheezy.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107
    http://security-tracker.debian.org/tracker/CVE-2010-5107

Please adjust the affected versions in the BTS as needed.

--
Nico Golde - http://www.ngolde.de - [hidden email] - GPG: 0xA0A0AAAA

Source: openssh
Source-Version: 1:6.0p1-4

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [hidden email],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <[hidden email]> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [hidden email])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 08 Feb 2013 21:27:00 +0000
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:6.0p1-4
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <[hidden email]>
Changed-By: Colin Watson <[hidden email]>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 700102
Changes:
 openssh (1:6.0p1-4) unstable; urgency=low
 .
   * CVE-2010-5107: Improve DoS resistance by changing default of MaxStartups
     to 10:30:100 (closes: #700102).
Checksums-Sha1:
 506f2a3522db387a336509583a0e84ef72ab3cf6 2535 openssh_6.0p1-4.dsc
 55076a128927836a1aff21b21cc5ee3ad9d492b3 246895 openssh_6.0p1-4.debian.tar.gz
 d0a97d3b55f2f520cd5ebeee8b859f6d7d7cabc4 1045288 openssh-client_6.0p1-4_i386.deb
 c6c5acc068d1a457b3029d20eed8cfc185765d58 342402 openssh-server_6.0p1-4_i386.deb
 ef19427b0d32d3a9081d325237e39e39d71666ac 1240 ssh_6.0p1-4_all.deb
 42170861f9a644a36a8457c75c3a853462477d26 88932 ssh-krb5_6.0p1-4_all.deb
 5399797829fb107c609b1c9f11d686cf619b6dc1 96938 ssh-askpass-gnome_6.0p1-4_i386.deb
 47bced0857b65cdad55c49acf037945ed984176f 181368 openssh-client-udeb_6.0p1-4_i386.udeb
 401499c55089480770e0e05f2762ea4001aa0dbe 195020 openssh-server-udeb_6.0p1-4_i386.udeb
Checksums-Sha256:
 62be680c2404de66bb145022302675d39d3e6b0e61d274aaef68acb12474aa0b 2535 openssh_6.0p1-4.dsc
 91bc84cb122c48809febee4b97a86c815f9f6bfea3ea6a383ae7c5af2731dfcc 246895 openssh_6.0p1-4.debian.tar.gz
 ac912eb0b0aafc1395f5135a7ae2bd67d528b5969b2148c64f4d89cb0525046c 1045288 openssh-client_6.0p1-4_i386.deb
 45936efac3bae15f477abddbf42729293433fc545d3454144fd0c324fa547992 342402 openssh-server_6.0p1-4_i386.deb
 53673c5e34f97cf8b260d742321793860594b846b69b700441e9afd2b75e112e 1240 ssh_6.0p1-4_all.deb
 2c37a93935a7f329b79021c92bd1a0d5b535db82215be9378faa5124d7c1cff6 88932 ssh-krb5_6.0p1-4_all.deb
 5ac7aa82bc509de8f80887296f749e0ce3383d0caa86669c3209ea2f4e0f807b 96938 ssh-askpass-gnome_6.0p1-4_i386.deb
 6ec04ebc1cbe4ac11fd37e8ba6bb32f505d771b884362051b0c55ad694520d9b 181368 openssh-client-udeb_6.0p1-4_i386.udeb
 dd0e4f893d8ffdc40a571c658addd3fc774b4e63d4b3ac9fac72f40b9ed9701d 195020 openssh-server-udeb_6.0p1-4_i386.udeb
Files:
 4581d8ab7ec41e1761074183051ff56b 2535 net standard openssh_6.0p1-4.dsc
 d813de60b33e7efd8f8d5804cd7ae46e 246895 net standard openssh_6.0p1-4.debian.tar.gz
 e26882eea934eeddb69132d9bfaf73fb 1045288 net standard openssh-client_6.0p1-4_i386.deb
 59fd4f9e6cd68bbf66657b2e54f6f810 342402 net optional openssh-server_6.0p1-4_i386.deb
 a463c9241b8ad460bcf25be5f9e3a754 1240 net extra ssh_6.0p1-4_all.deb
 640a634ed7e474d5bf596ac3dab5fa10 88932 oldlibs extra ssh-krb5_6.0p1-4_all.deb
 0d4f33710f6d57f54fa6c9fdf545cde7 96938 gnome optional ssh-askpass-gnome_6.0p1-4_i386.deb
 f44298ac9bf5720ed97e5de128a258d9 181368 debian-installer optional openssh-client-udeb_6.0p1-4_i386.udeb
 c07b8bd5ecc16e99a2ea58328f9bb245 195020 debian-installer optional openssh-server-udeb_6.0p1-4_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Colin Watson <[hidden email]> -- Debian developer

iQIVAwUBURVvETk1h9l9hlALAQjCgQ/8CnegANXd3AaPvBMhuUknZRBSgh9w6POi
jvbw/XXkSbYtH3/HyMe/PPhYptJQ2lm8oobNmq6l/RaxkAjQxwGZwlkklICuVjOo
fmzs7OA6vLIfPH/CuBSmoO8IRhe4YrYLAY8jZfajICe6CmzBHcnTbXMQz+QmXjY9
IkYLz73JArBppfXeTR807TokerjZRJsHOmGapRbGOwQcAWuySXZH5df+bs3qcyZP
b4X+w39AiaGLl1LMJTHiVaPBU8w+MJYGPRfUiFrDwIDfBOmVZ3HWdf2nxfj9HvSH
d9K0gaI2Sl1Om2e/WaDhyVOneR3++eDQujfzLBw4NOol3K5wQHwRCAFwPYKtpcLj
NvK8b2eKi+n/M++6Kbz7GAmvlWJApgiyqLfCYg2GZRvZeYtU9nilt/8/r2K5z+6Z
fvbwwTH5UbN/9Qyf0GzkYahx/bRZqeVEDVnXEfx9ZNOB9C2IKwP+pXmMg3+k/hMZ
fDjGY5ACI4jxDcakxZSkFaEVCpeJ2LSow+ZkwglVZyydu4PsH84T6W6C/N5xfimI
ZFPB+1T3UK5L4v1Bzp9IX8b7b1EejhmZj6AKlhUYuEfZHxBzsyPkUWXJ3qwa0Sx0
1dKdL1OoE0KR0xyxL22FqRCvUyUIEFcFJOpYRe7ZEtilSM3L5cCzB53WbgAxbhzu
PC3XaECZ6Oc=
=XhWj
-----END PGP SIGNATURE-----

attachment0 (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Bug#700102: marked as done (openssh: CVE-2010-5107 trivial DoS due to default configuration)

Debian Bug Tracking System
In reply to this post by Nico Golde-6
Your message dated Sun, 10 Feb 2013 15:47:04 +0000
with message-id <[hidden email]>
and subject line Bug#700102: fixed in openssh 1:5.5p1-6+squeeze3
has caused the Debian Bug report #700102,
regarding openssh: CVE-2010-5107 trivial DoS due to default configuration
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [hidden email]
immediately.)


--
700102: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700102
Debian Bug Tracking System
Contact [hidden email] with problems

Package: openssh-server
Severity: important
Tags: security patch

Hi,
the following vulnerability was published for openssh-server.

CVE-2010-5107[0]:
http://www.openwall.com/lists/oss-security/2013/02/06/5

This resulted in the following upstream changes:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

It would be also great if you could push this to stable-proposed-updates so
this is changed for wheezy.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107
    http://security-tracker.debian.org/tracker/CVE-2010-5107

Please adjust the affected versions in the BTS as needed.

--
Nico Golde - http://www.ngolde.de - [hidden email] - GPG: 0xA0A0AAAA

Source: openssh
Source-Version: 1:5.5p1-6+squeeze3

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [hidden email],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <[hidden email]> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [hidden email])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 08 Feb 2013 21:39:15 +0000
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:5.5p1-6+squeeze3
Distribution: stable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <[hidden email]>
Changed-By: Colin Watson <[hidden email]>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 700102
Changes:
 openssh (1:5.5p1-6+squeeze3) stable; urgency=low
 .
   * CVE-2010-5107: Improve DoS resistance by changing default of MaxStartups
     to 10:30:100 (closes: #700102).
Checksums-Sha1:
 1d648deef18826e6a7cb330c05763b46a6ce0644 2287 openssh_5.5p1-6+squeeze3.dsc
 90389a798e90be976a568072e9ff7cabe5e85c43 238012 openssh_5.5p1-6+squeeze3.debian.tar.gz
 12b2552fc295f69179aa241db20bf2f8d582ac9b 882070 openssh-client_5.5p1-6+squeeze3_i386.deb
 9825dee65c5b0ff963d6a34ad953c1cc997ae7c6 298278 openssh-server_5.5p1-6+squeeze3_i386.deb
 de1fb70236fb8bb1ab240433c746f9e79bfc6b99 1248 ssh_5.5p1-6+squeeze3_all.deb
 c5a19084043a737340c400f1e0776bb0c174e1fb 95954 ssh-krb5_5.5p1-6+squeeze3_all.deb
 b64f0155892439ecb7675cede5ce3b7966518f13 103752 ssh-askpass-gnome_5.5p1-6+squeeze3_i386.deb
 b45ef2f1a7e457361b80d427ce3b7891b797034c 194900 openssh-client-udeb_5.5p1-6+squeeze3_i386.udeb
 997a29605ddd5f0dc5bac5fd5592905033d1a91e 218666 openssh-server-udeb_5.5p1-6+squeeze3_i386.udeb
Checksums-Sha256:
 ce83398eeb8ae83cb96339e172b12d390d5642f58c8887d935f43a48f92808b2 2287 openssh_5.5p1-6+squeeze3.dsc
 bfe5f4022d1b0ed23bc0093a9cbce2e2181e0b88c7a1b53fadec0bee6de9b1b2 238012 openssh_5.5p1-6+squeeze3.debian.tar.gz
 d2256d2c1f707112e5925f232500ec746d243d81506185ea08fd5c269e0fc96f 882070 openssh-client_5.5p1-6+squeeze3_i386.deb
 3438ee21091d640542c1ec34608ff76c021be29db60af470bc042c525d222985 298278 openssh-server_5.5p1-6+squeeze3_i386.deb
 d918d44119b71df126d9a3160ad9004cfec07174b2560fdab7635e76ad05d92f 1248 ssh_5.5p1-6+squeeze3_all.deb
 fce90648ba41ee100d5390ae7e2551dd103045b77cb9f5b99d573cdd15255973 95954 ssh-krb5_5.5p1-6+squeeze3_all.deb
 4b6b5f29cd16fad211ebda8a2f037dc035dfdb08032ce556a72f6f77b4172755 103752 ssh-askpass-gnome_5.5p1-6+squeeze3_i386.deb
 212788e9af98196721eecedebb8fd0592303cf76798430918d4d91fb90b5e429 194900 openssh-client-udeb_5.5p1-6+squeeze3_i386.udeb
 9565b26c82f36c7bc8ca51a6e42dfa88844fa5bb6f81455cb784639ca3bf313e 218666 openssh-server-udeb_5.5p1-6+squeeze3_i386.udeb
Files:
 ac82d9ac4d5549cdd1153d685bbcbf7a 2287 net standard openssh_5.5p1-6+squeeze3.dsc
 2598ecae68283c3fece59aac87f420e0 238012 net standard openssh_5.5p1-6+squeeze3.debian.tar.gz
 2aa77cba399b83aa5a82f40843f5a6b9 882070 net standard openssh-client_5.5p1-6+squeeze3_i386.deb
 a7d7b5c480c3dab0deb5b827dec2323b 298278 net optional openssh-server_5.5p1-6+squeeze3_i386.deb
 7e69a90dd9078db04ab697f453f34b35 1248 net extra ssh_5.5p1-6+squeeze3_all.deb
 c2463e179c99adec319d365cf87ba0b2 95954 net extra ssh-krb5_5.5p1-6+squeeze3_all.deb
 9409f7b40e4e604a63a9e20c23f2d56e 103752 gnome optional ssh-askpass-gnome_5.5p1-6+squeeze3_i386.deb
 2890144d1d72fffc42aad700c5de01f4 194900 debian-installer optional openssh-client-udeb_5.5p1-6+squeeze3_i386.udeb
 b1af6237668480b775c6abfcd4d33822 218666 debian-installer optional openssh-server-udeb_5.5p1-6+squeeze3_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Colin Watson <[hidden email]> -- Debian developer

iQIVAwUBURVzRzk1h9l9hlALAQhVGg//QrUHkQp9pqz5H4u4sev9Y9rFBVTmM+in
dX8wclXhNrBX93K0mX0y/M6uaWRvo8+8ebwH74LC2HZgbiGXjUcn6jPaBYyEavVP
zq454J35Okohi6VeVLvJ6udUFxA4tWP0DgEerRZjwsMkKOiN6oXq05/oTgt+/ZyC
eo3688ZHG9ayM28oKcppnoglSvdN7r3CkWwCrfiKUGUXY9UGS39Eyc2ksYwH4iu2
vkMv9pfjh8pKVGwz+wpupxCWPfuj+nQcu9luX/aPLLuh7sMuW5ytAR4tR+9dldde
5c93HfGK3G4t2qXIsJjR1CNDeDV1CFtkczXB1DS+h1RggOn1UViMVMbTxfQENuC/
90afb57rkYjm5P3gT2ksh4ACOwh6LgC2/rKjd5L3KO4lpfeA0IKeFSG0tktbX/3Y
XPD6Rj7n4xi1UfIc9VQR2CtcmS12/zJin5I5Did4VCA6smpzoPcZ08E3P5qqy8Df
x9wtp+TQxd226fBcErYA7JuCHmcNf0n3qIlIL/kxJ9MbThiry+G6I77b5nx/59NA
jewcPdggnskHCVlbzoPwv70XNYgaa+7zQTed3yXMIx0/aBzUXlcjqa9f+Op8xZ/l
zc9VmvG0IDk+w0tO23oY85sLflqCDU/Oztwt4U6ZXPVKJTFF9AZ420IiwQJHdmzb
vA9o1m/JOp0=
=qnu4
-----END PGP SIGNATURE-----

attachment0 (205 bytes) Download Attachment
Loading...