Re: Please review openssh/1:3.8.1p1-8.sarge.4

To: debian-release@lists.debian.org
Subject: Re: Please review openssh/1:3.8.1p1-8.sarge.4
From: Steve Langasek <vorlon@debian.org>
Date: Fri, 17 Dec 2004 12:53:13 -0800
Message-id: <[🔎] 20041217205310.GF30460@quetzlcoatl.dodds.net>
Mail-followup-to: debian-release@lists.debian.org
In-reply-to: <[🔎] 20041204102845.GA23014@riva.ucam.org>
References: <[🔎] 20041204102845.GA23014@riva.ucam.org>

On Sat, Dec 04, 2004 at 10:28:46AM +0000, Colin Watson wrote:
> openssh (1:3.8.1p1-8.sarge.4) unstable; urgency=high

>   * Fix timing information leak allowing discovery of invalid usernames in
>     PAM keyboard-interactive authentication (backported from a patch by
>     Darren Tucker; closes: #281595).
>   * Make sure that there's a delay in PAM keyboard-interactive
>     authentication when PermitRootLogin is not set to yes and the correct
>     root password is entered (closes: #248747).

>  -- Colin Watson <cjwatson@debian.org>  Sun, 28 Nov 2004 12:37:16 +0000

> This doesn't seem to have introduced any new regressions, and I consider
> the two information leaks to be security issues.

Approved.

Cheers,
-- 
Steve Langasek
postmodern programmer

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Please review openssh/1:3.8.1p1-8.sarge.4
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Re: Please refrain from non-RC gcc-3.4 uploads until a new version has entered sarge
Next by Date: Re: Please allow console-data in sarge
Previous by thread: Please review openssh/1:3.8.1p1-8.sarge.4
Next by thread: scim and associated need a hint
Index(es):
- Date
- Thread