Package: openssh-server
Severity: important
Tags: security patch
Hi,
the following vulnerability was published for openssh-server.
CVE-2010-5107[0]:
http://www.openwall.com/lists/oss-security/2013/02/06/5
This resulted in the following upstream changes:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
It would be also great if you could push this to stable-proposed-updates so
this is changed for wheezy.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107
http://security-tracker.debian.org/tracker/CVE-2010-5107
Please adjust the affected versions in the BTS as needed.
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
Attachment:
pgpiwR_hKPCzs.pgp
Description: PGP signature