Backport for OpenSSH CBC Mode Information Disclosure Vulnerability

To: debian-security@lists.debian.org
Subject: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability
From: Niko Thome <niko.thome@1und1.de>
Date: Tue, 30 Jun 2009 11:12:00 +0200
Message-id: <[🔎] 4A49D6E0.3020906@1und1.de>

Hello List,

I stumbled upon a vulnerability in OpenSSH reported back in November
2008. http://www.securityfocus.com/bid/32319

I was a bit concerned about that flaw, and tried to find out if it is
fixed due a backport of some openSSH 5.2 upstream code. But I didn't
find neither a bug nor a DSA for that flaw.

Can you tell me how this bug is handled by Debian?

Thank you!

Niko

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability
  - From: Nico Golde <debian-security+ml@ngolde.de>

Prev by Date: Point release of Lenny
Next by Date: Re: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability
Previous by thread: Point release of Lenny
Next by thread: Re: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability
Index(es):
- Date
- Thread