
Bug#700102: marked as done (openssh: CVE-2010-5107 trivial DoS due to default configuration)



Your message dated Fri, 08 Feb 2013 21:48:28 +0000
with message-id <E1U3vo4-0003Dw-Uu@franck.debian.org>
and subject line Bug#700102: fixed in openssh 1:6.0p1-4
has caused the Debian Bug report #700102,
regarding openssh: CVE-2010-5107 trivial DoS due to default configuration
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
700102: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700102
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-server
Severity: important
Tags: security patch

Hi,
the following vulnerability was published for openssh-server.

CVE-2010-5107[0]:
http://www.openwall.com/lists/oss-security/2013/02/06/5

This resulted in the following upstream changes:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

It would also be great if you could push this to stable-proposed-updates so
this is changed for wheezy.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107
    http://security-tracker.debian.org/tracker/CVE-2010-5107

Please adjust the affected versions in the BTS as needed.

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA


--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:6.0p1-4

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 700102@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 08 Feb 2013 21:27:00 +0000
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:6.0p1-4
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 700102
Changes: 
 openssh (1:6.0p1-4) unstable; urgency=low
 .
   * CVE-2010-5107: Improve DoS resistance by changing default of MaxStartups
     to 10:30:100 (closes: #700102).
Package-Type: udeb


--- End Message ---
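
Added example, not part of either message above and not code from OpenSSH or Debian: a small audit helper that reads sshd_config text, finds the MaxStartups value in force, and shows what the new 10:30:100 default means compared with a bare number. The start:rate:full ramp follows the description in sshd_config(5); the function names, the sample configurations and the assumption that an unset keyword falls back to the fixed default are choices made for this example.

```python
import re

def effective_max_startups(config_text):
    """Return the first uncommented MaxStartups value, or None if unset."""
    for line in config_text.splitlines():
        # Keyword and argument are separated by whitespace or a single '='.
        m = re.match(r"maxstartups(?:\s*=\s*|\s+)(\S+)", line.strip(), re.I)
        if m:
            return m.group(1)
    return None

def parse_max_startups(value):
    """Split 'start:rate:full' (or a bare number) into three integers."""
    parts = [int(p) for p in value.split(":")]
    if len(parts) == 1:
        # Bare number: no early drop, every connection past the cap is refused.
        return parts[0], 100, parts[0]
    if len(parts) != 3:
        raise ValueError("expected N or start:rate:full, got %r" % value)
    start, rate, full = parts
    if not 1 <= rate <= 100 or not 1 <= start <= full:
        raise ValueError("out-of-range MaxStartups value %r" % value)
    return start, rate, full

def drop_percent(pending, start, rate, full):
    """Percent chance a new connection is refused with `pending` unauthenticated ones."""
    if pending < start:
        return 0
    if pending >= full or rate == 100:
        return 100
    # Linear ramp from `rate` at `start` up to 100 at `full`.
    return rate + (100 - rate) * (pending - start) // (full - start)

def audit(config_text, package_default="10:30:100"):
    """Report the setting in force and whether it is only a hard cap."""
    # Assumption: an unset keyword means the fixed package default applies.
    value = effective_max_startups(config_text) or package_default
    start, rate, full = parse_max_startups(value)
    return {"value": value, "hard_cap_only": start == full,
            "drop_at_start": drop_percent(start, start, rate, full)}

# Constructed sample configurations, not taken from any real host.
SAMPLE_HARD_CAP = "Port 22\n#MaxStartups 10:30:100\nMaxStartups 10\n"
SAMPLE_EARLY_DROP = "Port 22\nMaxStartups = 10:30:100\n"

if __name__ == "__main__":
    for name, text in (("hard cap", SAMPLE_HARD_CAP), ("early drop", SAMPLE_EARLY_DROP)):
        print(name, audit(text))
```

With a bare number, the tenth pending unauthenticated connection is enough for every further one to be refused; with 10:30:100 refusal starts at 30% and only reaches 100% at one hundred pending connections.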
