Bug#831902: openssh: CVE-2016-6210: User enumeration via covert timing channel

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#831902: openssh: CVE-2016-6210: User enumeration via covert timing channel
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 20 Jul 2016 19:23:09 +0200
Message-id: <[🔎] 146903538919.23626.6540468807014317510.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 831902@bugs.debian.org

Source: openssh
Version: 1:7.2p2-5
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for openssh.

CVE-2016-6210[0]:
User enumeration via covert timing channel

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6210
[1] http://seclists.org/fulldisclosure/2016/Jul/51

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply to:

Follow-Ups:
- Bug#831902: marked as done (openssh: CVE-2016-6210: User enumeration via covert timing channel)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#831902: marked as done (openssh: CVE-2016-6210: User enumeration via covert timing channel)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Wheezy update of openssh?
Next by Date: Processed: found 831902 in 1:6.7p1-5
Previous by thread: Wheezy update of openssh?
Next by thread: Bug#831902: marked as done (openssh: CVE-2016-6210: User enumeration via covert timing channel)
Index(es):
- Date
- Thread