On Sat, Dec 04, 2004 at 10:28:46AM +0000, Colin Watson wrote: > openssh (1:3.8.1p1-8.sarge.4) unstable; urgency=high > * Fix timing information leak allowing discovery of invalid usernames in > PAM keyboard-interactive authentication (backported from a patch by > Darren Tucker; closes: #281595). > * Make sure that there's a delay in PAM keyboard-interactive > authentication when PermitRootLogin is not set to yes and the correct > root password is entered (closes: #248747). > -- Colin Watson <cjwatson@debian.org> Sun, 28 Nov 2004 12:37:16 +0000 > This doesn't seem to have introduced any new regressions, and I consider > the two information leaks to be security issues. Approved. Cheers, -- Steve Langasek postmodern programmer
Attachment:
signature.asc
Description: Digital signature