Bug#831902: marked as done (openssh: CVE-2016-6210: User enumeration via covert timing channel)
Your message dated Sun, 24 Jul 2016 19:02:57 +0000
with message-id <E1bROfx-0006qp-Om@franck.debian.org>
and subject line Bug#831902: fixed in openssh 1:6.7p1-5+deb8u3
has caused the Debian Bug report #831902,
regarding openssh: CVE-2016-6210: User enumeration via covert timing channel
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
831902: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831902
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: openssh
Version: 1:7.2p2-5
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for openssh.
CVE-2016-6210[0]:
User enumeration via covert timing channel
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-6210
[1] http://seclists.org/fulldisclosure/2016/Jul/51
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
- To: 831902-close@bugs.debian.org
- Subject: Bug#831902: fixed in openssh 1:6.7p1-5+deb8u3
- From: Laszlo Boszormenyi (GCS) <gcs@debian.org>
- Date: Sun, 24 Jul 2016 19:02:57 +0000
- Message-id: <E1bROfx-0006qp-Om@franck.debian.org>
Source: openssh
Source-Version: 1:6.7p1-5+deb8u3
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 831902@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 21 Jul 2016 15:51:59 +0000
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source amd64 all
Version: 1:6.7p1-5+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
openssh-client - secure shell (SSH) client, for secure access to remote machines
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell (SSH) server, for secure access from remote machines
openssh-server-udeb - secure shell server for the Debian installer (udeb)
openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 831902
Changes:
openssh (1:6.7p1-5+deb8u3) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2016-6210: User enumeration via covert timing channel
(closes: #831902).
Checksums-Sha1:
bff143012193cc818be87fb2cc85a701e4dd94fc 2709 openssh_6.7p1-5+deb8u3.dsc
7c31b32b12a8b9aadc9b3e8fbee3b56dc8f0795f 150272 openssh_6.7p1-5+deb8u3.debian.tar.xz
868ac10a0246f4601fb91075e5999cca4b4e21ab 690360 openssh-client_6.7p1-5+deb8u3_amd64.deb
725cfad83f996522a8a83e7119d53a6da67398d0 331268 openssh-server_6.7p1-5+deb8u3_amd64.deb
2af338add69ac295737b61d718b92dca84d9ebba 37996 openssh-sftp-server_6.7p1-5+deb8u3_amd64.deb
7addc7869745a752f2af72d3499da3f37b435274 119790 ssh_6.7p1-5+deb8u3_all.deb
f00b777707ce403ec1cc2e6851a8f5d281d91748 119334 ssh-krb5_6.7p1-5+deb8u3_all.deb
d50a45e202a6e66594ed050493b4135516c9a527 127466 ssh-askpass-gnome_6.7p1-5+deb8u3_amd64.deb
6b7b8b1d27ed4ca3581894dac5827cc895cfff88 259646 openssh-client-udeb_6.7p1-5+deb8u3_amd64.udeb
ebbe59699881d10e25233a3db9ea1f40f615d63d 286308 openssh-server-udeb_6.7p1-5+deb8u3_amd64.udeb
Checksums-Sha256:
3680d33c9638af9d0f249bee3444b490b0a1fa4ea11a04e1b97fe6e081ce8537 2709 openssh_6.7p1-5+deb8u3.dsc
a2f486b45310b86816fbd5b85ad61493d9b07ac3290a7b4f773747e7a47b6759 150272 openssh_6.7p1-5+deb8u3.debian.tar.xz
0cfb382650c3263349f4829f3423833c650cb0c665b731be66d5d72f9779099d 690360 openssh-client_6.7p1-5+deb8u3_amd64.deb
0376c483b3bfe1c12e87744b11391a47c8f40eecce629c00176535a716761a58 331268 openssh-server_6.7p1-5+deb8u3_amd64.deb
19d84f32345060bbc79522f8e9ed773d28a37edb5d9cd8cf83384f27f848a220 37996 openssh-sftp-server_6.7p1-5+deb8u3_amd64.deb
257a7a22101067758b9b95792d3f6f5705b8a5b00b14f0ef63553db28b4eb45e 119790 ssh_6.7p1-5+deb8u3_all.deb
78bfef7c0299c70fc35aa9af601d2512ffb63bffd32ee75dbd92fa4885528a8a 119334 ssh-krb5_6.7p1-5+deb8u3_all.deb
e56238724132239d530fd7cd92679b4e4f5b6bc4c4b9dec1c5f543b82c2dbd03 127466 ssh-askpass-gnome_6.7p1-5+deb8u3_amd64.deb
463a40912de0499820501026ee29284ab4429b97a24cac34c1b9ff6be410f243 259646 openssh-client-udeb_6.7p1-5+deb8u3_amd64.udeb
938912669db7b2bc924e3ac202c8142342334e12b018db2a8fb0bc3ec1dd61a9 286308 openssh-server-udeb_6.7p1-5+deb8u3_amd64.udeb
Files:
4a60c718008cad0c665a7e354a9d02da 2709 net standard openssh_6.7p1-5+deb8u3.dsc
c95ae888817d1c3cb77453453846f32e 150272 net standard openssh_6.7p1-5+deb8u3.debian.tar.xz
1d6685072b0fbb99480eba30d2da0d46 690360 net standard openssh-client_6.7p1-5+deb8u3_amd64.deb
7dce77acd12b801bb5d5d901f4380d3f 331268 net optional openssh-server_6.7p1-5+deb8u3_amd64.deb
c29c13fd32670a16464b805a41790608 37996 net optional openssh-sftp-server_6.7p1-5+deb8u3_amd64.deb
18ab5922af1b6841078eb9bab46cb2ef 119790 net extra ssh_6.7p1-5+deb8u3_all.deb
1f779b09429f37d9d3a37c9b59370c45 119334 oldlibs extra ssh-krb5_6.7p1-5+deb8u3_all.deb
995528c208b70003a697fbd9b52aa577 127466 gnome optional ssh-askpass-gnome_6.7p1-5+deb8u3_amd64.deb
c657a8c5bfb1043a7e62bba3134e81ca 259646 debian-installer optional openssh-client-udeb_6.7p1-5+deb8u3_amd64.udeb
fc39fa3123e64058e1bec2201a169e5c 286308 debian-installer optional openssh-server-udeb_6.7p1-5+deb8u3_amd64.udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJXklxPAAoJENzjEOeGTMi/xf8P/2yfRdRdVjyyJwwNS2LVfhjf
fODvgyZwOpP20WTl59hCYqKIOZDkU27/QuHZl1s9qTuroPD8jgApKTg0slNdaaxV
TKOjPnsR2SsgdPDQTR9Fuemg9dBtQkDNEC8jwbbSZtEugpf5pSaC7kx8O2K3jIaP
ar2w2ZLmCPIp2lI5QceauE51H1p/yrQjmTKQIXNhMaEK0di/JWS3xnNtr3ebcU6S
0bGCA+p7Xtz/1QyRp0DfEIvz4YWLY3BOu1fVIe/4klvRP61KYca+fmKM2xR6rHmD
+rm+m2Bkq5jKUeMWoZYvFJZrG4ZKLVunAiOjCKQarJo26jv8k3oTZeRiUxGq6bbe
U+OaGFPO8bLra0dMMVwoOmLtSnJh+Nsiid5gA614wFbgCByQfUSWuoUB1/LRb8uX
yqV/h7TT8FRn3UcmYINSHmElJd2sxqtKFNzyFj36hpqvNAR4YJS7+2TlKeFRWDfW
nqF5diL/t9HRyPrnp470+6hP6Yo+vsAHbVxjmzEHow/6owXNq9Hu3aObvd3/Nm2T
EHivh1/uBhaQxDx/MhA3nww6QV1WSBCvU+etmt81XZfbKikbJkr8SpqKgBzIa0O2
X8yy1wjRwZeu1bnOyBpDYBpgTHTYNBvg2BUZ+MQZMDIMC77kNroyEtaetDp6ISJX
slWc0rME/RpipSnslVKG
=jEOy
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: