[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#483755: marked as done (openssh-client: ssh-vulnkey from lenny (testing) doesn't work with blacklists from sid)

Your message dated Sun, 3 Jan 2010 22:00:57 +0000
with message-id <20100103220057.GA26971@riva.ucam.org>
and subject line Re: Bug#483755: openssh-client: ssh-vulnkey from lenny (testing) doesn't work with blacklists from sid
has caused the Debian Bug report #483755,
regarding openssh-client: ssh-vulnkey from lenny (testing) doesn't work with blacklists from sid
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
483755: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483755
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: openssh-client
Version: 1:4.7p1-9
Severity: important

First, the blacklists from testing don't contain all vulnerable keys
used in practice: one needs openssh-blacklist-extra, which exists
only in sid. But ssh-vulnkey from the lenny's openssh-client package
can't find these blacklists: one always gets "Unknown (no blacklist
information)", probably because of the relocate that occurred in
openssh-blacklist 0.4.

As this has security concerns, lenny's openssh-client package should
be fixed to take care of that.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (900, 'testing'), (900, 'stable'), (200, 'unstable')
Architecture: powerpc (ppc)

Kernel: Linux 2.6.25-2-powerpc
Locale: LANG=POSIX, LC_CTYPE=en_US.ISO8859-1 (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-client depends on:
ii  adduser               3.107              add and remove users and groups
ii  debconf [debconf-2.0] 1.5.22             Debian configuration management sy
ii  dpkg                  1.14.18            package maintenance system for Deb
ii  libc6                 2.7-10             GNU C Library: Shared libraries
ii  libcomerr2            1.40.8-2           common error description library
ii  libedit2              2.9.cvs.20050518-4 BSD editline and history libraries
ii  libkrb53              1.6.dfsg.3-2       MIT Kerberos runtime libraries
ii  libncurses5           5.6+20080308-1     Shared libraries for terminal hand
ii  libssl0.9.8           0.9.8g-10+lenny1   SSL shared libraries
ii  passwd                1:4.1.1-1          change and administer password and
ii  zlib1g                1:1.2.3.3.dfsg-12  compression library - runtime

Versions of packages openssh-client recommends:
ii  xauth                         1:1.0.3-1  X authentication utility

-- no debconf information

--- End Message ---
--- Begin Message --- 
On Fri, May 30, 2008 at 11:12:14PM +0100, Colin Watson wrote:
> On Fri, May 30, 2008 at 11:21:00PM +0200, Vincent Lefevre wrote:
> > First, the blacklists from testing don't contain all vulnerable keys
> > used in practice: one needs openssh-blacklist-extra, which exists
> > only in sid. But ssh-vulnkey from the lenny's openssh-client package
> > can't find these blacklists: one always gets "Unknown (no blacklist
> > information)", probably because of the relocate that occurred in
> > openssh-blacklist 0.4.
> > 
> > As this has security concerns, lenny's openssh-client package should
> > be fixed to take care of that.
> 
> I'm trying, of course. I need to do something about bug #481860 in order
> to make that happen, or else decide it isn't all that RC after all and
> downgrade.

Lenny got the updated version quite a while ago, and released with it,
so closing this now. Thanks.

-- 
Colin Watson                                       [cjwatson@debian.org]

--- End Message ---
Reply to: