Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet

To: Chris Lamb <lamby@debian.org>
Cc: 906236@bugs.debian.org, Salvatore Bonaccorso <carnil@debian.org>, team@security.debian.org
Subject: Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
From: Sébastien Delafond <seb@debian.org>
Date: Tue, 21 Aug 2018 09:55:24 +0200
Message-id: <[🔎] 20180821075524.GB5008@centurion.befour.org>
Reply-to: Sébastien Delafond <seb@debian.org>, 906236@bugs.debian.org
In-reply-to: <[🔎] 1534667577.892318.1478864568.4ECB7599@webmail.messagingengine.com>
References: <[🔎] 1534667577.892318.1478864568.4ECB7599@webmail.messagingengine.com> <[🔎] 153436226668.6714.11130467831594285376.reportbug@eldamar.local>

On Aug/19, Chris Lamb wrote:
> Would the security team be interested in one for stretch? If so, I can
> return with a proposed debdiff.

Sorry, missed your email about this. I'm actually done with the patch on
my end.

Cheers,

--Seb

Reply to:

References:
- Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
  - From: Chris Lamb <lamby@debian.org>
- Bug#906236: openssh: delay bailout for invalid authenticating user until after the packet
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
Next by Date: Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
Previous by thread: Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
Next by thread: Bug#906236: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet
Index(es):
- Date
- Thread