[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#211434: marked as done (more ssh memory management fun)

Your message dated Fri, 19 Sep 2003 06:02:32 -0400
with message-id <E1A0I5w-00041N-00@auric.debian.org>
and subject line Bug#211434: fixed in openssh 1:3.6.1p2-9
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 17 Sep 2003 19:05:43 +0000
>From brianr@osiris.978.org Wed Sep 17 14:05:25 2003
Return-path: <brianr@osiris.978.org>
Received: from h006067091a61.ne.client2.attbi.com (osiris.978.org) [24.147.172.248] 
	by master.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 19zhcB-0006qF-00; Wed, 17 Sep 2003 14:05:23 -0500
Received: (qmail 11196 invoked by uid 1000); 17 Sep 2003 19:05:19 -0000
Date: Wed, 17 Sep 2003 15:05:19 -0400
From: Brian Ristuccia <brian@ristuccia.com>
To: submit@bugs.debian.org
Subject: more ssh memory management fun
Message-ID: <[🔎] 20030917190519.GX19245@osiris.978.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.28i
X-Debbugs-Cc: security@debian.org
Delivered-To: submit@bugs.debian.org
X-Spam-Status: No, hits=-5.0 required=4.0
	tests=HAS_PACKAGE
	version=2.53-bugs.debian.org_2003_9_16
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_9_16 (1.174.2.15-2003-03-30-exp)

Package: ssh
Version: 1:3.4p1-1.woody.2

It looks like even after the two updates in the past two days there's still
more suspect memory management code in OpenSSH. See yet another OpenSSH
security advisory at

http://www.openpkg.org/security/OpenPKG-SA-2003.040-openssh.html

As if you folks haven't been busy enough lately. Good luck. 

-- 
Brian Ristuccia
brian@ristuccia.com
bristucc@cs.uml.edu

---------------------------------------
Received: (at 211434-close) by bugs.debian.org; 19 Sep 2003 10:08:35 +0000
>From katie@auric.debian.org Fri Sep 19 05:08:35 2003
Return-path: <katie@auric.debian.org>
Received: from auric.debian.org [206.246.226.45] 
	by master.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1A0IBn-0002nT-00; Fri, 19 Sep 2003 05:08:35 -0500
Received: from katie by auric.debian.org with local (Exim 3.35 1 (Debian))
	id 1A0I5w-00041N-00; Fri, 19 Sep 2003 06:02:32 -0400
From: Colin Watson <cjwatson@debian.org>
To: 211434-close@bugs.debian.org
X-Katie: $Revision: 1.35 $
Subject: Bug#211434: fixed in openssh 1:3.6.1p2-9
Message-Id: <E1A0I5w-00041N-00@auric.debian.org>
Sender: Archive Administrator <katie@auric.debian.org>
Date: Fri, 19 Sep 2003 06:02:32 -0400
Delivered-To: 211434-close@bugs.debian.org

Source: openssh
Source-Version: 1:3.6.1p2-9

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh_3.6.1p2-9.diff.gz
  to pool/main/o/openssh/openssh_3.6.1p2-9.diff.gz
openssh_3.6.1p2-9.dsc
  to pool/main/o/openssh/openssh_3.6.1p2-9.dsc
ssh-askpass-gnome_3.6.1p2-9_i386.deb
  to pool/main/o/openssh/ssh-askpass-gnome_3.6.1p2-9_i386.deb
ssh_3.6.1p2-9_i386.deb
  to pool/main/o/openssh/ssh_3.6.1p2-9_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 211434@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 19 Sep 2003 10:25:25 +0100
Source: openssh
Binary: ssh-askpass-gnome ssh
Architecture: source i386
Version: 1:3.6.1p2-9
Distribution: unstable
Urgency: high
Maintainer: Matthew Vernon <matthew@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 ssh        - Secure rlogin/rsh/rcp replacement (OpenSSH)
 ssh-askpass-gnome - under X, asks user for a passphrase for ssh-add
Closes: 211434
Changes: 
 openssh (1:3.6.1p2-9) unstable; urgency=high
 .
   * Merge even more buffer allocation fixes from upstream (CAN-2003-0682;
     closes: #211434).
Files: 
 8bcb3dcb3be2a62d3ea5e59109601a6f 847 net standard openssh_3.6.1p2-9.dsc
 e479a2954c7ba0701e44edf3f8990568 81461 net standard openssh_3.6.1p2-9.diff.gz
 b1a5b45ee6c7ebebbd9dbb7fb3c7dcd7 650420 net standard ssh_3.6.1p2-9_i386.deb
 cb35e0fdc8676de69939f368cce1b015 43112 gnome optional ssh-askpass-gnome_3.6.1p2-9_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iD8DBQE/atJl9t0zAhD6TNERAtmpAJwNcKeviDtNNdQVZJNQQaNkKo8diwCffUCt
Mlt1pdTdbNho0Qi7NjP4d2E=
=2byE
-----END PGP SIGNATURE-----
Reply to: