Bug#906236: marked as done (openssh: delay bailout for invalid authenticating user until after the packet)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Fri, 17 Aug 2018 13:34:41 +0000
with message-id <E1fqetl-000IY4-9k@fasolo.debian.org>
and subject line Bug#906236: fixed in openssh 1:7.7p1-4
has caused the Debian Bug report #906236,
regarding openssh: delay bailout for invalid authenticating user until after the packet
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
906236: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906236
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: openssh: delay bailout for invalid authenticating user until after the packet
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Wed, 15 Aug 2018 21:44:26 +0200
• Message-id: <[🔎] 153436226668.6714.11130467831594285376.reportbug@eldamar.local>

Source: openssh
Version: 1:7.7p1-1
Severity: important
Tags: patch security upstream

Hi

See http://www.openwall.com/lists/oss-security/2018/08/15/5 for
details.

Upstream patch:

https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

• To: 906236-close@bugs.debian.org
• Subject: Bug#906236: fixed in openssh 1:7.7p1-4
• From: Colin Watson <cjwatson@debian.org>
• Date: Fri, 17 Aug 2018 13:34:41 +0000
• Message-id: <E1fqetl-000IY4-9k@fasolo.debian.org>

Source: openssh
Source-Version: 1:7.7p1-4

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 906236@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 17 Aug 2018 14:09:32 +0100
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.7p1-4
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
Closes: 906236
Changes:
 openssh (1:7.7p1-4) unstable; urgency=high
 .
   * Apply upstream patch to delay bailout for invalid authenticating user
     until after the packet containing the request has been fully parsed
     (closes: #906236).
Checksums-Sha1:
 e5a21e7409739196b2a85e2d01c5bc652bb72bc3 3121 openssh_7.7p1-4.dsc
 267d593644355dea2e3eb1a01370a937751d9987 160756 openssh_7.7p1-4.debian.tar.xz
 049b974be4250a906deb3accbcff585c8bd03a85 14906 openssh_7.7p1-4_source.buildinfo
Checksums-Sha256:
 2cadb472a4ef9fdd5abcb7c72f096f04ebc13f26dc72fa05118d3edb845a3389 3121 openssh_7.7p1-4.dsc
 a7d3a5f9c2b91639f128620c231792698199a2ba0a74fb28dd26204714ccd865 160756 openssh_7.7p1-4.debian.tar.xz
 c23fb4250db6c0fe6ac58872b1be78a1adc151d6bfe303371bacffb932847776 14906 openssh_7.7p1-4_source.buildinfo
Files:
 411697adb18825f5b0da678431715e1e 3121 net standard openssh_7.7p1-4.dsc
 7584eb46f42a5980577374bbe97e48cd 160756 net standard openssh_7.7p1-4.debian.tar.xz
 2167cba69bbe4353016f0ae7bb254b7a 14906 net standard openssh_7.7p1-4_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAlt2yU4ACgkQOTWH2X2G
UAu/Sw//Z6YZ0FtTnveeVSBIFLZtX9mKQLI1D63sr+GTaTXOsPpuMN2i1pk3fwbD
Kuhl9kfQNzxxkQTp5SY2xOzmPUfJt+6JPNtKhEWxgejGhebCO/xymuqIDKgw1eEx
R7w02WTNMDdxCMKLLslwgyAvcQDnV7EPy7dyZ68WQNaau2K9Ai5Mdroswe56Pyuv
acO5ecEZ2hCmCGO25XIlq2MtXRZBeNlOoTBJi+iqyrO0Qzvai4rmAr1E4AfF0PgD
2cPAe8q9rm6JLSXsJfrmS2avi+QudxKIzLqT+vfyLyhSeq6aRn7Abvug3V4Y6WUm
3L1Ysnn1QpVhwuxCYVQjuOoTZ7e4ePo3VFUQhZgs/GQK/NAgLANp3K3baxSDuTp/
EAvCRIxhoBX4xCRIJjc0OKTME9BRe9Owan8xoM99n6Xs7yyqmIWnxCX+S0NjKvwm
hPXbPd5nQA1Ps3w5PJBUSuFIeawMKiGd9LOaM9xv78jgTHHHRblEec9Motb/nGdL
ICC/g6x1+a3RZn4oJwd7fS4utK1ubosKAkSFcKLz5x1Y2hBN8hjiP1As9CwiMwXj
qnS+/5e7tVoxkXNCcqCM/PtqcfcKP2YnsjlQ8dTmacBL+iGzy+m3DTu+Ig8gp3FP
LXOsVJaZuzPd66uLL6LbqJrGPPVQghcG9hmAEe2UZkDaiE2MUB8=
=A67W
-----END PGP SIGNATURE-----

--- End Message ---