-
openssh (1:6.7p1-5+deb8u4) jessie; urgency=medium
* Test configuration before starting or reloading sshd under systemd
(closes: #865770).
* Make "--" before the hostname terminate argument processing after the
hostname too (closes: #873201).
-- Colin Watson <email address hidden> Sat, 18 Nov 2017 10:56:29 +0000
-
openssh (1:6.7p1-5+deb8u3) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* CVE-2016-6210: User enumeration via covert timing channel
(closes: #831902).
-- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 21 Jul 2016 15:51:59 +0000
-
openssh (1:6.7p1-5+deb8u2) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* CVE-2015-8325: Ignore PAM environment vars when UseLogin=yes
-- Salvatore Bonaccorso <email address hidden> Thu, 14 Apr 2016 09:21:40 +0200
-
openssh (1:6.7p1-5+deb8u1) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* Disable roaming in openssh client: roaming code is vulnerable to an
information leak (CVE-2016-0777) and heap-based buffer overflow
(CVE-2016-0778).
-- Yves-Alexis Perez <email address hidden> Wed, 13 Jan 2016 22:08:52 +0100
-
openssh (1:6.7p1-5) unstable; urgency=medium
* Revert change from previous upload, which causes far more trouble than
it is worth (closes: #780797):
- Send/accept only specific known LC_* variables, rather than using a
wildcard.
* Add a NEWS.Debian entry documenting this reversion, as it is too
difficult to undo the sshd_config change automatically without
compounding the problem of (arguably) overwriting user configuration.
-- Colin Watson <email address hidden> Sun, 22 Mar 2015 23:20:56 +0000
-
openssh (1:6.7p1-3) unstable; urgency=medium
* Debconf translations:
- Dutch (thanks, Frans Spiesschaert; closes: #765851).
* Assume that dpkg-statoverride exists and drop the test for an obsolete
compatibility path.
-- Colin Watson <email address hidden> Mon, 03 Nov 2014 20:29:52 +0000
-
openssh (1:6.7p1-2) unstable; urgency=medium
* debian/tests/control: Drop isolation-container, since the tests run on a
high port. They're still not guaranteed to run correctly in an schroot,
but may manage to work, so this lets the tests at least try to run on
ci.debian.net.
-- Colin Watson <email address hidden> Fri, 10 Oct 2014 10:47:19 +0100
-
openssh (1:6.6p1-8) unstable; urgency=medium
* Make the if-up hook use "reload" rather than "restart" if the system was
booted using systemd (closes: #756547).
* Show fingerprints of new keys after creating them in the postinst
(closes: #762128).
* Policy version 3.9.6: no changes required.
* Don't link /usr/share/doc/ssh to openssh-client, as this is not safe
between Architecture: all and Architecture: any binary packages (closes:
#763375).
-- Colin Watson <email address hidden> Fri, 03 Oct 2014 12:23:57 +0100
-
openssh (1:6.6p1-7) unstable; urgency=medium
* Make sure that DEB_HOST_ARCH is set, even when invoking debian/rules
directly.
* Use dh-exec to simplify override_dh_install target.
* Remove several unnecessary entries in debian/*.dirs.
* Pass noupdate to the second call to pam_motd, not the first (thanks, Ken
T Takusagawa; closes: #757059).
* Debconf translations:
- Turkish (thanks, Mert Dirik; closes: #756757).
-- Colin Watson <email address hidden> Tue, 05 Aug 2014 09:10:04 +0100
-
openssh (1:6.6p1-6) unstable; urgency=medium
* Upgrade to debhelper v9.
* Only use pam_keyinit on Linux architectures (closes: #747245).
* Make get_config_option more robust against trailing whitespace (thanks,
LaMont Jones).
* Debconf translations:
- Czech (thanks, Michal Šimůnek; closes: #751419).
-- Colin Watson <email address hidden> Sat, 28 Jun 2014 14:50:04 +0100
-
openssh (1:6.6p1-5) unstable; urgency=medium
* Force ssh-agent Upstart job to use sh syntax regardless of the user's
shell (thanks, Steffen Stempel; LP: #1312928).
-- Colin Watson <email address hidden> Thu, 01 May 2014 16:27:53 +0100
-
openssh (1:6.6p1-4) unstable; urgency=medium
* Debconf translations:
- Spanish (thanks, Matías Bellone; closes: #744867).
* Apply upstream-recommended patch to fix bignum encoding for
<email address hidden>, fixing occasional key exchange failures.
-- Colin Watson <email address hidden> Mon, 21 Apr 2014 21:29:53 +0100
-
openssh (1:6.6p1-3) unstable; urgency=medium
* Debconf translations:
- French (thanks, Étienne Gilli; closes: #743242).
* Never signal the service supervisor with SIGSTOP more than once, to
prevent a hang on re-exec (thanks, Robie Basak; LP: #1306877).
-- Colin Watson <email address hidden> Mon, 14 Apr 2014 12:11:50 +0100
-
openssh (1:6.6p1-2) unstable; urgency=medium
* If no root password is set, then switch to "PermitRootLogin
without-password" without asking (LP: #1300127).
-- Colin Watson <email address hidden> Mon, 31 Mar 2014 12:20:46 +0100
-
openssh (1:6.5p1-6) unstable; urgency=medium
* Fix Breaks/Replaces versions of openssh-sftp-server on openssh-server
(thanks, Axel Beckert).
-- Colin Watson <email address hidden> Thu, 06 Mar 2014 16:18:44 +0000
-
openssh (1:6.5p1-4) unstable; urgency=medium
* Configure --without-hardening on hppa, to work around
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60155 (closes: #738798).
* Amend "Running sshd from inittab" instructions in README.Debian to
recommend 'update-rc.d ssh disable', rather than manual removal of rc*.d
symlinks that won't work with dependency-based sysv-rc.
* Remove code related to non-dependency-based sysv-rc ordering, since that
is no longer supported.
* Apply patch from https://bugzilla.mindrot.org/show_bug.cgi?id=2200 to
fix getsockname errors when using "ssh -W" (closes: #738693).
-- Colin Watson <email address hidden> Sat, 15 Feb 2014 02:19:36 +0000
-
openssh (1:6.4p1-2) unstable; urgency=high
* Increase ServerKeyBits value in package-generated sshd_config to 1024
(closes: #727622, LP: #1244272).
* Restore patch to disable OpenSSL version check (closes: #732940).
-- Colin Watson <email address hidden> Mon, 23 Dec 2013 10:44:04 +0000
-
openssh (1:6.4p1-1) unstable; urgency=high
* New upstream release. Important changes:
- 6.3/6.3p1 (http://www.openssh.com/txt/release-6.3):
+ sftp(1): add support for resuming partial downloads using the
"reget" command and on the sftp commandline or on the "get"
commandline using the "-a" (append) option (closes: #158590).
+ ssh(1): add an "IgnoreUnknown" configuration option to selectively
suppress errors arising from unknown configuration directives
(closes: #436052).
+ sftp(1): update progressmeter when data is acknowledged, not when
it's sent (partially addresses #708372).
+ ssh(1): do not fatally exit when attempting to cleanup multiplexing-
created channels that are incompletely opened (closes: #651357).
- 6.4/6.4p1 (http://www.openssh.com/txt/release-6.4):
+ CVE-2013-4548: sshd(8): fix a memory corruption problem triggered
during rekeying when an AES-GCM cipher is selected (closes:
#729029). Full details of the vulnerability are available at:
http://www.openssh.com/txt/gcmrekey.adv
* When running under Upstart, only consider the daemon started once it is
ready to accept connections (by raising SIGSTOP at that point and using
"expect stop").
-- Colin Watson <email address hidden> Sat, 09 Nov 2013 18:24:16 +0000
-
openssh (1:6.2p2-6) unstable; urgency=low
* Update config.guess and config.sub automatically at build time.
dh_autoreconf does not take care of that by default because openssh does
not use automake.
-- Colin Watson <email address hidden> Tue, 02 Jul 2013 22:54:49 +0100
-
openssh (1:6.2p2-4) unstable; urgency=low
* Fix non-portable shell in ssh-copy-id (closes: #711162).
* Rebuild against debhelper 9.20130604 with fixed dependencies for
invoke-rc.d and Upstart jobs (closes: #711159, #711364).
* Set SELinux context on private host keys as well as public host keys
(closes: #687436).
-- Colin Watson <email address hidden> Thu, 06 Jun 2013 17:06:31 +0100
-
openssh (1:6.2p2-3) unstable; urgency=low
* If the running init daemon is Upstart, then, on the first upgrade to
this version, check whether sysvinit is still managing sshd; if so,
manually stop it so that it can be restarted under upstart. We do this
near the end of the postinst, so it shouldn't result in any appreciable
extra window where sshd is not running during upgrade.
-- Colin Watson <email address hidden> Wed, 22 May 2013 17:42:10 +0100
-
openssh (1:6.0p1-4+deb7u2) stable; urgency=medium
* Restore patch to disable OpenSSL version check (closes: #749472).
-- Colin Watson <email address hidden> Sat, 28 Jun 2014 14:27:46 +0100
-
openssh (1:6.0p1-4+deb7u1) stable-security; urgency=high
* CVE-2014-2532: Disallow invalid characters in environment variable names
to prevent bypassing AcceptEnv wildcard restrictions.
* CVE-2014-2653: Attempt SSHFP lookup even if server presents a
certificate (closes: #742513).
-- Colin Watson <email address hidden> Thu, 03 Apr 2014 00:05:17 +0100
-
openssh (1:6.0p1-4) unstable; urgency=low
* CVE-2010-5107: Improve DoS resistance by changing default of MaxStartups
to 10:30:100 (closes: #700102).
-- Colin Watson <email address hidden> Fri, 08 Feb 2013 21:27:00 +0000
