Bug#462446: openssh-server: PermitRootLogin option set to yes

[Grzegorz Zur <grzegorz.zur@gmail.com>]

Package: openssh-server
Version: 1:4.7p1-2
Severity: critical
Tags: security
Justification: root security hole

Value of 'PermitRootLogin' option is set to 'yes' by 'postinst' script. 
See 'postinst' script line 265.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.22-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-server depends on:
ii  adduser               3.105              add and remove users and groups
ii  debconf [debconf-2.0] 1.5.17             Debian configuration management sy
ii  dpkg                  1.14.7             package maintenance system for Deb
ii  libc6                 2.7-6              GNU C Library: Shared libraries
ii  libcomerr2            1.40.3-1           common error description library
ii  libkrb53              1.6.dfsg.3~beta1-2 MIT Kerberos runtime libraries
ii  libpam-modules        0.99.7.1-5         Pluggable Authentication Modules f
ii  libpam-runtime        0.99.7.1-5         Runtime support for the PAM librar
ii  libpam0g              0.99.7.1-5         Pluggable Authentication Modules l
ii  libselinux1           2.0.15-2+b1        SELinux shared libraries
ii  libssl0.9.8           0.9.8g-4           SSL shared libraries
ii  libwrap0              7.6.dbs-14         Wietse Venema's TCP wrappers libra
ii  lsb-base              3.1-24             Linux Standard Base 3.1 init scrip
ii  openssh-client        1:4.7p1-2          secure shell client, an rlogin/rsh
ii  zlib1g                1:1.2.3.3.dfsg-11  compression library - runtime

openssh-server recommends no packages.

-- debconf information excluded