Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet

To: 906236@bugs.debian.org
Cc: Salvatore Bonaccorso <carnil@debian.org>, team@security.debian.org
Subject: Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
From: Chris Lamb <lamby@debian.org>
Date: Tue, 21 Aug 2018 09:08:46 +0100
Message-id: <[🔎] 1534838926.1955695.1480973304.094DD2E1@webmail.messagingengine.com>
Reply-to: Chris Lamb <lamby@debian.org>, 906236@bugs.debian.org
In-reply-to: <[🔎] 1534667577.892318.1478864568.4ECB7599@webmail.messagingengine.com>
References: <[🔎] 1534667577.892318.1478864568.4ECB7599@webmail.messagingengine.com> <[🔎] 153436226668.6714.11130467831594285376.reportbug@eldamar.local>

Chris Lamb wrote:

> > openssh: CVE-2018-15473: delay bailout for invalid authenticating
> > user until after the packet
> 
> I've started on a patch for wheezy (WIP attached).
> 
> Would the security team be interested in one for stretch? If so, I can
> return with a proposed debdiff.

Gentle ping on this?


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

Reply to:

References:
- Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
  - From: Chris Lamb <lamby@debian.org>
- Bug#906236: openssh: delay bailout for invalid authenticating user until after the packet
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
Next by Date: Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
Previous by thread: Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
Next by thread: Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
Index(es):
- Date
- Thread