Re: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability

To: debian-security@lists.debian.org
Subject: Re: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability
From: Sam Kuper <sam.kuper@uclmail.net>
Date: Tue, 30 Jun 2009 11:35:51 +0100
Message-id: <[🔎] 4126b3450906300335t2ec790a0g99951f4ef1ebbecd@mail.gmail.com>
In-reply-to: <[🔎] 20090630102054.GF2803@ngolde.de>
References: <[🔎] 4A49D6E0.3020906@1und1.de> <[🔎] 20090630102054.GF2803@ngolde.de>

2009/6/30 Nico Golde <debian-security+ml@ngolde.de>

Hi,
* Niko Thome <niko.thome@1und1.de> [2009-06-30 11:47]:

> I stumbled upon a vulnerability in OpenSSH reported back in November
> 2008. http://www.securityfocus.com/bid/32319
>
> I was a bit concerned about that flaw, and tried to find out if it is
> fixed due a backport of some openSSH 5.2 upstream code. But I didn't
> find neither a bug nor a DSA for that flaw.
>
> Can you tell me how this bug is handled by Debian?

http://security-tracker.debian.net/tracker/CVE-2008-5161

Ouch! I agree with the note.

Reply to:

Follow-Ups:
- Re: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability
  - From: Russ Allbery <rra@debian.org>

References:
- Backport for OpenSSH CBC Mode Information Disclosure Vulnerability
  - From: Niko Thome <niko.thome@1und1.de>
- Re: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability
  - From: Nico Golde <debian-security+ml@ngolde.de>

Prev by Date: Re: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability
Next by Date: Re: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability
Previous by thread: Re: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability
Next by thread: Re: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability
Index(es):
- Date
- Thread