Re: Regarding CVE-2006-4925

To: Alicia Smith <asmith@neospire.net>
Cc: debian-ssh@lists.debian.org, security@debian.org
Subject: Re: Regarding CVE-2006-4925
From: Colin Watson <cjwatson@debian.org>
Date: Wed, 17 Mar 2010 23:53:23 +0000
Message-id: <[🔎] 20100317235323.GA6741@master.debian.org>
In-reply-to: <[🔎] 6A3A614337E86B4AB7C06A54F5BA85180311E776@neoexchange.corp.neospire.net>
References: <[🔎] 6A3A614337E86B4AB7C06A54F5BA85180311E776@neoexchange.corp.neospire.net>

On Wed, Mar 10, 2010 at 11:56:39AM -0600, Alicia Smith wrote:
> I would like to know if the latest Lenny package is vulnerable as
> indicated in CVE-2006-4925.
> 
> The security-tracker is showing conflicting information and I can't seem
> to find a bug-report on this.

This vulnerability was fixed upstream in OpenSSH 4.4p1.  Lenny has
OpenSSH 5.1p1, which includes this fix.

I'm not sure we ever issued a DSA for this, and I apparently didn't
record it in the package changelog, so CCing security@d.o in case some
bit of tracking metadata needs to be updated somewhere.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

Follow-Ups:
- Re: Regarding CVE-2006-4925
  - From: Thijs Kinkhorst <thijs@debian.org>

References:
- Regarding CVE-2006-4925
  - From: "Alicia Smith" <asmith@neospire.net>

Prev by Date: Bug#574035: openssh-server: sshd_config(5) should mention that the server needs xauth for X11 forwarding
Next by Date: Re: Regarding CVE-2006-4925
Previous by thread: Regarding CVE-2006-4925
Next by thread: Re: Regarding CVE-2006-4925
Index(es):
- Date
- Thread