Your message dated Fri, 08 Feb 2013 21:39:15 +0000
with message-id <E1U3vf9-0008AH-Mr@franck.debian.org>
and subject line Bug#700102: fixed in openssh 1:6.1p1-3
has caused the Debian Bug report #700102,
regarding openssh: CVE-2010-5107 trivial DoS due to default configuration
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
700102: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700102
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: openssh: CVE-2010-5107 trivial DoS due to default configuration
- From: Nico Golde <nion@debian.org>
- Date: Fri, 8 Feb 2013 19:41:16 +0100
- Message-id: <20130208184115.GA11545@ngolde.de>
Package: openssh-server
Severity: important
Tags: security patch

Hi,
the following vulnerability was published for openssh-server.

CVE-2010-5107[0]:
http://www.openwall.com/lists/oss-security/2013/02/06/5

This resulted in the following upstream changes:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

It would be also great if you could push this to stable-proposed-updates so
this is changed for wheezy.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107
    http://security-tracker.debian.org/tracker/CVE-2010-5107

Please adjust the affected versions in the BTS as needed.

--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA

Attachment: pgpbblRUdZqbk.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 700102-close@bugs.debian.org
- Subject: Bug#700102: fixed in openssh 1:6.1p1-3
- From: Colin Watson <cjwatson@debian.org>
- Date: Fri, 08 Feb 2013 21:39:15 +0000
- Message-id: <E1U3vf9-0008AH-Mr@franck.debian.org>
Source: openssh
Source-Version: 1:6.1p1-3

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 700102@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Format: 1.8
Date: Fri, 08 Feb 2013 21:07:31 +0000
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:6.1p1-3
Distribution: experimental
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5 - secure shell client and server (transitional package)
Closes: 700102
Changes:
 openssh (1:6.1p1-3) experimental; urgency=low
 .
   * Give ssh and ssh-krb5 versioned dependencies on openssh-client and
     openssh-server, to try to reduce confusion when people run 'apt-get
     install ssh' or similar and expect that to upgrade everything relevant.
   * CVE-2010-5107: Improve DoS resistance by changing default of
     MaxStartups to 10:30:100 (closes: #700102).
Package-Type: udeb
--- End Message ---
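
Added example, not part of the bug report and not Debian or OpenSSH code: a Python sketch of what the `start:rate:full` form of `MaxStartups` named in the changelog means, following the description in sshd_config(5), next to a single-value setting that acts as a hard cap. The function names and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample configurations (not taken from the bug report).
HARD_CAP_CONFIG = "Port 22\nMaxStartups 10\n"
EARLY_DROP_CONFIG = "Port 22\n# value from the changelog entry\nMaxStartups 10:30:100\n"

def parse_max_startups(value):
    """Return (start, rate, full); a single integer N is a hard cap, i.e. N:100:N."""
    m = re.fullmatch(r"(\d+)(?::(\d+):(\d+))?", value.strip())
    if not m:
        raise ValueError(f"bad MaxStartups value: {value!r}")
    start = int(m.group(1))
    if m.group(2) is None:
        return start, 100, start
    rate, full = int(m.group(2)), int(m.group(3))
    if start > full or not 1 <= rate <= 100:
        raise ValueError(f"inconsistent MaxStartups value: {value!r}")
    return start, rate, full

def max_startups_from_config(text):
    """Return the first MaxStartups setting in sshd_config text, or None if unset."""
    for line in text.splitlines():
        fields = line.strip().split()
        if len(fields) == 2 and fields[0].lower() == "maxstartups":
            return parse_max_startups(fields[1])
    return None

def refuse_percent(unauth, start, rate, full):
    """Percent chance that a new connection is refused with `unauth` pending logins."""
    if unauth < start:
        return 0
    if unauth >= full or rate == 100:
        return 100
    # Linear ramp from `rate` percent at `start` up to 100 percent at `full`.
    return rate + (100 - rate) * (unauth - start) // (full - start)

def refusal_profile(config_text, loads):
    """Refusal percentage for each unauthenticated-connection count in `loads`."""
    setting = max_startups_from_config(config_text)
    if setting is None:
        raise LookupError("MaxStartups not set; the compiled-in default applies")
    return [refuse_percent(n, *setting) for n in loads]

if __name__ == "__main__":
    for name, cfg in (("hard cap", HARD_CAP_CONFIG), ("early drop", EARLY_DROP_CONFIG)):
        print(name, refusal_profile(cfg, [9, 10, 55, 100]))
```

With the single-value form every new attempt is refused as soon as 10 unauthenticated connections are pending; with `10:30:100` refusals begin at 30% at that point and reach 100% only at 100 pending connections.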