Bug#463011: [openssh-unix-announce] Announce: OpenSSH 5.0 released

To: openssh-unix-dev@mindrot.org
Cc: 463011@bugs.debian.org
Subject: Bug#463011: [openssh-unix-announce] Announce: OpenSSH 5.0 released
From: Colin Watson <cjwatson@debian.org>
Date: Fri, 04 Apr 2008 11:04:05 +0100
Message-id: <[🔎] E1JhimD-00020d-00@chiark.greenend.org.uk>
Reply-to: Colin Watson <cjwatson@debian.org>, 463011@bugs.debian.org
In-reply-to: <200804031048.m33AmUdo017240@cvs.openbsd.org>

Damien Miller wrote:
>We apologise for any inconvenience resulting from this release
>being made so shortly after 4.9. Unfortunately we only learned of
>the below security issue from the public CVE report. The Debian
>OpenSSH maintainers responsible for handling the initial report of
>this bug failed to report it via either the private OpenSSH security
>contact list (openssh@openssh.com) or the portable OpenSSH Bugzilla
>(http://bugzilla.mindrot.org/).
>
>We ask anyone wishing to report security bugs in OpenSSH to please use
>the openssh@openssh.com contact and to practice responsible disclosure.

My apologies for this; after having been in a very busy period at work
for some time, I was dealing with the bug in a rush immediately before
going on holiday for a week, and a comment on the bug by that point
indicated that it had already been forwarded to Theo DeRaadt. Since that
sounded vaguely reasonable and I was short on time, I didn't think to
check further.

(The bug log indicates that a member of Red Hat's Security Response Team
was also aware of the same problem.)

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

Prev by Date: Bug#463011: OpenSSH 5.0 has just been released.
Next by Date: Bug#474246: openssh-server: sshd no longer handles GSSAPIStrictAcceptorCheck no
Previous by thread: Bug#463011: OpenSSH 5.0 has just been released.
Next by thread: Bug#474246: openssh-server: sshd no longer handles GSSAPIStrictAcceptorCheck no
Index(es):
- Date
- Thread