ssh2 2.0.13-6 vulnerable to crc32 compensation attack ?

To: packages@qa.debian.org
Subject: ssh2 2.0.13-6 vulnerable to crc32 compensation attack ?
From: Philipp Haeuser <birdy@epost.de>
Date: Fri, 14 Dec 2001 15:54:59 +0100
Message-id: <[🔎] 3C1A12C3.89D52978@epost.de>

Hi -

Is ssh2 2.0.13-6 (the debian/unstable package from
packages.debian.org) vulnerable to the crc32 compensation
attack described here ?

http://razor.bindview.com/publish/advisories/adv_ssh1crc.html

How about the ssh 1:1.2.3-9.3 and ssh-nonfree 1.2.27-6.1 packages
(debian/stable from packages.debian.org), are they safe regarding
this attack?

Thanks for your help.

Regards
Philipp Haeuser

Reply to:

Follow-Ups:
- Re: ssh2 2.0.13-6 vulnerable to crc32 compensation attack ?
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Bug#123750: youbin_3.4-1(unstable/i386): fails to build from source
Next by Date: Re: ssh2 2.0.13-6 vulnerable to crc32 compensation attack ?
Previous by thread: Re: qa.debian.org website status
Next by thread: Re: ssh2 2.0.13-6 vulnerable to crc32 compensation attack ?
Index(es):
- Date
- Thread