Bug#397961: openssh-server: security problem fixed in version 4.5

[Laurent Bonnaud <Laurent.Bonnaud@inpg.fr>]

Package: openssh-server
Version: 1:4.3p2-5.1
Severity: important


Hi,

here is the announcement:

  http://www.openssh.org/txt/release-4.5


-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (100, 'unstable'), (99, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-2-686
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)

Versions of packages openssh-server depends on:
ii  adduser  3.99                            Add and remove users and groups
ii  debconf  1.5.8                           Debian configuration management sy
ii  dpkg     1.13.24                         package maintenance system for Deb
ii  libc6    2.5-0exp3                       GNU C Library: Shared libraries
ii  libcomer 1.39+1.40-WIP-2006.10.02+dfsg-2 common error description library
ii  libkrb53 1.4.4-4                         MIT Kerberos runtime libraries
ii  libpam-m 0.79-4                          Pluggable Authentication Modules f
ii  libpam-r 0.79-4                          Runtime support for the PAM librar
ii  libpam0g 0.79-4                          Pluggable Authentication Modules l
ii  libselin 1.32-3                          SELinux shared libraries
ii  libssl0. 0.9.8c-3                        SSL shared libraries
ii  libwrap0 7.6.dbs-11                      Wietse Venema's TCP wrappers libra
ii  openssh- 1:4.3p2-5.1                     Secure shell client, an rlogin/rsh
ii  zlib1g   1:1.2.3-13                      compression library - runtime

openssh-server recommends no packages.

-- debconf information:
* ssh/insecure_rshd:
* ssh/forward_warning:
  ssh/encrypted_host_key_but_no_keygen:
* ssh/insecure_telnetd:
  ssh/new_config: true
* ssh/use_old_init_script: true
  ssh/protocol2_only: true
  ssh/disable_cr_auth: false