[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#481860: openssh-server upgrade didn't remove all compromised keys from /etc/ssh

On Thu, 05 Jun 2008, Vincent Lefevre wrote:
> I installed the machine on 2008-01-30 (from a CD) then upgraded
> to sid. The dpkg log says concerning the upgrades:

What CD? An Etch CD?

> 2008-01-30 23:49:03 upgrade libssl0.9.8 0.9.8c-4etch1 0.9.8g-4
> 2008-01-31 00:50:15 upgrade openssh-server 1:4.3p2-9 1:4.7p1-2
> 2008-01-31 00:50:16 upgrade openssh-client 1:4.3p2-9 1:4.7p1-2
> 2008-01-31 02:37:51 upgrade openssl 0.9.8c-4etch1 0.9.8g-4
> 
> 1:4.3p2-9 is older than 1:4.2p1-1, so there's something strange.

Yes, but the log only show the upgrade, so it might be that
1:4.3p2-9 might also be an upgrade from a previous package
and not a fresh install. (Though it wouldn't match with your explanation)

Cheers,
-- 
Raphaël Hertzog

Le best-seller français mis à jour pour Debian Etch :
http://www.ouaza.com/livre/admin-debian/
Reply to: