
Bug#700102: marked as done (openssh: CVE-2010-5107 trivial DoS due to default configuration)



Your message dated Sun, 10 Feb 2013 15:47:04 +0000
with message-id <E1U4Z7Q-0007yT-Om@franck.debian.org>
and subject line Bug#700102: fixed in openssh 1:5.5p1-6+squeeze3
has caused the Debian Bug report #700102,
regarding openssh: CVE-2010-5107 trivial DoS due to default configuration
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
700102: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700102
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-server
Severity: important
Tags: security patch

Hi,
the following vulnerability was published for openssh-server.

CVE-2010-5107[0]:
http://www.openwall.com/lists/oss-security/2013/02/06/5

This resulted in the following upstream changes:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

It would also be great if you could push this to stable-proposed-updates so
this is changed for wheezy.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107
    http://security-tracker.debian.org/tracker/CVE-2010-5107

Please adjust the affected versions in the BTS as needed.

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA



--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:5.5p1-6+squeeze3

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 700102@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 08 Feb 2013 21:39:15 +0000
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:5.5p1-6+squeeze3
Distribution: stable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 700102
Changes: 
 openssh (1:5.5p1-6+squeeze3) stable; urgency=low
 .
   * CVE-2010-5107: Improve DoS resistance by changing default of MaxStartups
     to 10:30:100 (closes: #700102).
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

-----END PGP SIGNATURE-----

--- End Message ---
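
How the `MaxStartups 10:30:100` default named in the changelog behaves, as an added example (not code from OpenSSH or from the Debian package): it models the start:rate:full random early drop described in sshd_config(5) and reads the first global `MaxStartups` line from an sshd_config text. The function names and the sample configuration are assumptions constructed for this illustration.

```python
import re

FIXED_DEFAULT = "10:30:100"  # new default named in the changelog above

def parse_maxstartups(value):
    """Split 'start:rate:full'; a bare number N is modelled as a hard cap N:100:N."""
    parts = [int(p) for p in value.strip().split(":")]
    if len(parts) == 1:
        return parts[0], 100, parts[0]
    if len(parts) != 3:
        raise ValueError("expected N or start:rate:full, got %r" % value)
    start, rate, full = parts
    if start < 1 or start > full or not 1 <= rate <= 100:
        raise ValueError("inconsistent MaxStartups value %r" % value)
    return start, rate, full

def drop_percent(unauthenticated, start, rate, full):
    """Chance (in %) that sshd refuses a new connection at this backlog."""
    if unauthenticated < start:
        return 0
    if unauthenticated >= full or rate == 100:
        return 100
    # Linear ramp from `rate` at `start` up to 100 at `full`.
    return rate + (100 - rate) * (unauthenticated - start) // (full - start)

def effective_maxstartups(config_text):
    """First global MaxStartups wins; None means the compiled-in default applies."""
    for line in config_text.splitlines():
        if re.match(r"\s*match\s", line, re.I):
            break  # MaxStartups is a global-only keyword
        m = re.match(r"\s*maxstartups(?:\s*=\s*|\s+)(\S+)", line, re.I)
        if m:
            return m.group(1)
    return None

# Constructed sshd_config fragment, not taken from any real host.
SAMPLE_CONFIG = """\
Port 22
#MaxStartups 10:30:60
MaxStartups 10
MaxStartups 10:30:100
"""

if __name__ == "__main__":
    for label, value in (("configured", effective_maxstartups(SAMPLE_CONFIG)),
                         ("fixed default", FIXED_DEFAULT)):
        limits = parse_maxstartups(value)
        ramp = [(n, drop_percent(n, *limits)) for n in (9, 10, 55, 100)]
        print(label, value, ramp)
```

On a live host, `sshd -T` prints the effective `maxstartups` value, which can be fed to `parse_maxstartups` directly.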
