Bug#691293: unblock: mosh/1.2.3-1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#691293: unblock: mosh/1.2.3-1
From: Keith Winstein <keithw@mit.edu>
Date: Tue, 23 Oct 2012 18:44:11 -0400
Message-id: <[🔎] 20121023224411.18147.98504.reportbug@trolley>
Reply-to: Keith Winstein <keithw@mit.edu>, 691293@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hello,

We respectfully request that you unblock mosh 1.2.3-1 and include it
in the wheezy release. A debdiff from mosh 1.2.2-1 is available at
http://mosh.mit.edu/mosh_1.2.2-1_to_mosh-1.2.3-1.debdiff.txt .

mosh 1.2.3 is an upstream microrelease that fixes several issues we
learned about during the first six months of widespread use. It is
well-tested and has passed the regressions tests.

Most prominently, mosh now links against OpenSSL and uses OpenSSL's
implementation of AES. Previously, Mosh 1.2.2 shipped its own AES
reference implementation for licensing reasons. The reference
implementation has been criticized for possible timing leakage, and it
is preferable to avoid shipping a duplicate cipher implementation.

Mosh 1.2.3 also includes several robustness fixes, including increased
resilience when transiting problematic NATs and VPNs and compatibility
with the KDE konsole and dual-stack IPv4/v6 sshds.

More security and robustness improvements are listed in the changelog.

I regret the lateness of this upstream release in the wheezy freeze
cycle. But given the expected lifetime of wheezy as a stable release,
upstream would much rather be supporting 1.2.3 instead of 1.2.2 for
the long term. We appreciate your consideration of our request.

unblock mosh/1.2.3-1

Reply to:

Prev by Date: Bug#689154: unblock: gnunet/0.9.3-4
Next by Date: Bug#691298: nmu: banshee_2.4.1-3
Previous by thread: Bug#691269: marked as done (unblock: megaglest/3.6.0.3-1.2)
Next by thread: Bug#691298: nmu: banshee_2.4.1-3
Index(es):
- Date
- Thread