Re: CVE-2006-4925: Need more Info

To: debian-security-tracker@lists.debian.org
Subject: Re: CVE-2006-4925: Need more Info
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Wed, 10 Mar 2010 13:15:15 -0500
Message-id: <20100310131515.e01974af.michael.s.gilbert@gmail.com>
In-reply-to: <6A3A614337E86B4AB7C06A54F5BA85180311E774@neoexchange.corp.neospire.net>
References: <6A3A614337E86B4AB7C06A54F5BA85180311E774@neoexchange.corp.neospire.net>

> Hello #debian-security. I have a couple of questions regarding the
> security-tracker and how it displays information.
> 
> For example: http://security-tracker.debian.org/tracker/CVE-2006-4925

hi,

that sort of tracking means that the issue is indeed unaddressed, but
it has been deemed unimportant (i.e. of little practical relevance), so
no work has been done to try to fix the problem.

we should probably update the wording at the top of the page for
such issues, and i'll take a look at that at some point.

that particular issue is unimportant because an openssh crash itself
is not a big deal.  the user can easily just reestablish their
connection if a remote attacker does take advantage of this issue.

hope this is helpful.  best wishes,
mike

Reply to:

References:
- CVE-2006-4925: Need more Info
  - From: "Alicia Smith" <asmith@neospire.net>

Prev by Date: CVE-2006-4925: Need more Info
Next by Date: Re: CVE-2006-4925: Need more Info
Previous by thread: CVE-2006-4925: Need more Info
Next by thread: Re: CVE-2006-4925: Need more Info
Index(es):
- Date
- Thread