Bug#506115: openssh: Plaintext Recovery Attack Against SSH

To: Hideki Yamane <henrich@debian.or.jp>, 506115@bugs.debian.org
Subject: Bug#506115: openssh: Plaintext Recovery Attack Against SSH
From: Colin Watson <cjwatson@debian.org>
Date: Tue, 18 Nov 2008 14:40:48 +0000
Message-id: <[🔎] 20081118144048.GW4735@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@debian.org>, 506115@bugs.debian.org
In-reply-to: <[🔎] 20081118224402.62f86482.henrich@debian.or.jp>
References: <[🔎] 20081118224402.62f86482.henrich@debian.or.jp>

On Tue, Nov 18, 2008 at 10:44:02PM +0900, Hideki Yamane wrote:
> package: openssh
> servity: grave
> tag: security upstream
> 
> Hi OpenSSH package maintainers (and lists),
> 
>  I saw new OpenSSH vulnerability issue.
>  See http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
> 
>  It says
> "The attack was verified against the following product version running on Debian GNU/Linux:
> 
> - OpenSSH 4.7p1
> 
> Other versions are also affected. Other implementations of the SSH
> protocol may also be affected."
> 
>  and upstream was reported this issue by CPNI (they say). IMHO, we should
>  contact to upstream and wait to be put a solution from them.

I'm aware of this and would be absolutely astonished if upstream
weren't; I'm keeping an eye on CVS for an update.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

Follow-Ups:
- Bug#506115: openssh: Plaintext Recovery Attack Against SSH
  - From: Colin Watson <cjwatson@debian.org>

References:
- Bug#506115: openssh: Plaintext Recovery Attack Against SSH
  - From: Hideki Yamane <henrich@debian.or.jp>

Prev by Date: Bug#506115: openssh: Plaintext Recovery Attack Against SSH
Next by Date: Bug#495917: [openssh] netscreen complete fix patch
Previous by thread: Bug#506115: openssh: Plaintext Recovery Attack Against SSH
Next by thread: Bug#506115: openssh: Plaintext Recovery Attack Against SSH
Index(es):
- Date
- Thread