[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#506115: openssh: Plaintext Recovery Attack Against SSH

On Tue, Nov 18, 2008 at 10:44:02PM +0900, Hideki Yamane wrote:
> package: openssh
> servity: grave
> tag: security upstream
> Hi OpenSSH package maintainers (and lists),
>  I saw new OpenSSH vulnerability issue.
>  See http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
>  It says
> "The attack was verified against the following product version running on Debian GNU/Linux:
> - OpenSSH 4.7p1
> Other versions are also affected. Other implementations of the SSH
> protocol may also be affected."
>  and upstream was reported this issue by CPNI (they say). IMHO, we should
>  contact to upstream and wait to be put a solution from them.

I'm aware of this and would be absolutely astonished if upstream
weren't; I'm keeping an eye on CVS for an update.


Colin Watson                                       [cjwatson@debian.org]

Reply to: