[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#506115: openssh: Plaintext Recovery Attack Against SSH

Colin Watson wrote:
> On Sat, Jan 02, 2010 at 12:30:50AM +0100, Luk Claes wrote:
> > Colin Watson wrote:
> > > On Wed, Jul 01, 2009 at 12:09:24AM +0200, Luk Claes wrote:
> > >> Can you please send an update to this bug and tell me whether you think
> > >> it warrants an update to proposed-updates (to include it in the next
> > >> point release), TIA?
> > > 
> > > I think the patch Moritz linked to earlier is fine for proposed-updates,
> > > and probably worth it; I backported it in openssh 1:5.1p1-5 as well.
> > > 
> > > (My apologies for not replying earlier. I somehow missed this ...)
> > 
> > Ok, please upload.
> 
> *looks*
> 
> Err, hang on. As I said, I backported it in openssh 1:5.1p1-5, which is
> the version in stable. That means there's nothing to do, right?
> 
>   http://bzr.debian.org/loggerhead/pkg-ssh/openssh/trunk/revision/3292

Doh, you're right. I missed that this was fixed during the freeze. Adding
this to Etch isn't worth the effort, since support for Etch ends in month
anyway.

Cheers,
        Moritz
Reply to: