[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Please review openssh/1:3.8.1p1-8.sarge.4

On Sat, Dec 04, 2004 at 10:28:46AM +0000, Colin Watson wrote:
> openssh (1:3.8.1p1-8.sarge.4) unstable; urgency=high

>   * Fix timing information leak allowing discovery of invalid usernames in
>     PAM keyboard-interactive authentication (backported from a patch by
>     Darren Tucker; closes: #281595).
>   * Make sure that there's a delay in PAM keyboard-interactive
>     authentication when PermitRootLogin is not set to yes and the correct
>     root password is entered (closes: #248747).

>  -- Colin Watson <cjwatson@debian.org>  Sun, 28 Nov 2004 12:37:16 +0000

> This doesn't seem to have introduced any new regressions, and I consider
> the two information leaks to be security issues.


Steve Langasek
postmodern programmer

Attachment: signature.asc
Description: Digital signature

Reply to: