Bug#536182: rumours of openssh attack, upgrade sid?

To: Thijs Kinkhorst <thijs@debian.org>, 536182@bugs.debian.org
Cc: team@security.debian.org
Subject: Bug#536182: rumours of openssh attack, upgrade sid?
From: Colin Watson <cjwatson@debian.org>
Date: Wed, 8 Jul 2009 10:33:17 +0100
Message-id: <[🔎] 20090708093316.GB15043@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@debian.org>, 536182@bugs.debian.org
In-reply-to: <[🔎] a58abf67809e9f7191b86df192bd2ff8.squirrel@wm.kinkhorst.nl>
References: <[🔎] a58abf67809e9f7191b86df192bd2ff8.squirrel@wm.kinkhorst.nl>

On Wed, Jul 08, 2009 at 09:03:15AM +0200, Thijs Kinkhorst wrote:
> You may have heard of the rumours that there's a new OpenSSH exploit but
> it's unclear what this exploit actually is or whether it even exists:
> http://isc.sans.org/diary.html?storyid=6742

Quite so.

> However, one consistent claim is that the "current version" of OpenSSH
> isn't affected. It would make sense to me to get at least unstable/sid
> updated with the most recent upstream version, as it wouldn't hurt. Do you
> as openssh maintainers think you can do this in the short term? This is at
> least some potentially mitigating action we can already take.

The delay's mostly been revision control pain at my end (the package is
still in CVS and I haven't quite finished migrating it to bzr, which
migration would make things a lot easier for me). I'll look into doing
it before Debconf.

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

References:
- Bug#536182: rumours of openssh attack, upgrade sid?
  - From: "Thijs Kinkhorst" <thijs@debian.org>

Prev by Date: Bug#536182: rumours of openssh attack, upgrade sid?
Next by Date: Bug#524423: openssh-server: force-command unable to pass arguments along to, internal-sftp
Previous by thread: Bug#536182: rumours of openssh attack, upgrade sid?
Next by thread: Bug#524423: openssh-server: force-command unable to pass arguments along to, internal-sftp
Index(es):
- Date
- Thread