Re: Regarding CVE-2006-4925
On Wed, Mar 10, 2010 at 11:56:39AM -0600, Alicia Smith wrote:
> I would like to know if the latest Lenny package is vulnerable as
> indicated in CVE-2006-4925.
>
> The security-tracker is showing conflicting information and I can't seem
> to find a bug-report on this.
This vulnerability was fixed upstream in OpenSSH 4.4p1. Lenny has
OpenSSH 5.1p1, which includes this fix.
I'm not sure we ever issued a DSA for this, and I apparently didn't
record it in the package changelog, so CCing security@d.o in case some
bit of tracking metadata needs to be updated somewhere.
Thanks,
--
Colin Watson [cjwatson@debian.org]
Reply to: