Bug#211351: ssh: Security - DSA-382-1 is based on 1st (obsolete revision) of OpenSSH Security advisory

To: Dariusz Puchalak <scorpius@aqua.aspd.pwr.wroc.pl>, 211351@bugs.debian.org
Subject: Bug#211351: ssh: Security - DSA-382-1 is based on 1st (obsolete revision) of OpenSSH Security advisory
From: Colin Watson <cjwatson@debian.org>
Date: Wed, 17 Sep 2003 10:36:13 +0100
Message-id: <[🔎] 20030917093612.GA10460@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@debian.org>, 211351@bugs.debian.org
In-reply-to: <[🔎] 20030917090529.AF32926414@aqua.aspd.pwr.wroc.pl>
References: <[🔎] 20030917090529.AF32926414@aqua.aspd.pwr.wroc.pl>

On Wed, Sep 17, 2003 at 11:05:29AM +0200, Dariusz Puchalak wrote:
> Package: ssh
> Version: 1:3.4p1-1.1
> Severity: critical
> 
> Security pacth is based on 1st revision of OpenSSH Security Advisory:
> buffer.adv
> Now, 2nd version is available see: http://www.openssh.com/txt/buffer.adv
> 
> According to this advisory Debian package SSH 1:3.4p1-1.1 is still
> vulnerable.

This was discussed last night, and I understand that a new version is
being prepared by the security team.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

References:
- Bug#211351: ssh: Security - DSA-382-1 is based on 1st (obsolete revision) of OpenSSH Security advisory
  - From: Dariusz Puchalak <scorpius@aqua.aspd.pwr.wroc.pl>

Prev by Date: Bug#211356: ssh: package in woody-proposed-updates overwrites security fixed package from security.debian.org!
Next by Date: Accepted openssh 1:3.4p1-1.woody.2 (source)
Previous by thread: Bug#211351: ssh: Security - DSA-382-1 is based on 1st (obsolete revision) of OpenSSH Security advisory
Next by thread: Bug#211351: marked as done (ssh: Security - DSA-382-1 is based on 1st (obsolete revision) of OpenSSH Security advisory)
Index(es):
- Date
- Thread