-
openssh (1:6.7p1-5ubuntu1.4) vivid-security; urgency=medium

  * SECURITY UPDATE: information leak and overflow in roaming support
    - debian/patches/CVE-2016-077x.patch: completely disable roaming option
      in readconf.c.
    - CVE-2016-0777
    - CVE-2016-0778

 -- Marc Deslauriers <email address hidden>  Wed, 13 Jan 2016 10:47:46 -0500
-
openssh (1:6.7p1-5ubuntu1.3) vivid-security; urgency=medium

  * SECURITY REGRESSION: random auth failures because of uninitialized
    struct field (LP: #1485719)
    - debian/patches/CVE-2015-5600-2.patch:

 -- Marc Deslauriers <email address hidden>  Mon, 17 Aug 2015 21:49:49 -0400
-
openssh (1:6.7p1-5ubuntu1.2) vivid-security; urgency=medium

  * SECURITY UPDATE: possible user impersonation via PAM support
    - debian/patches/pam-security-1.patch: don't resend username to PAM in
      monitor.c, monitor_wrap.c.
    - CVE number pending
  * SECURITY UPDATE: use-after-free in PAM support
    - debian/patches/pam-security-2.patch: fix use after free in monitor.c.
    - CVE number pending
  * SECURITY UPDATE:
    - debian/patches/CVE-2015-5600.patch: only query each
      keyboard-interactive device once per authentication request in
      auth2-chall.c.
    - CVE-2015-5600
  * SECURITY UPDATE: X connections access restriction bypass
    - debian/patches/CVE-2015-5352.patch: refuse ForwardX11Trusted=no
      connections attempted after ForwardX11Timeout expires in channels.c,
      channels.h, clientloop.c.
    - CVE-2015-5352

 -- Marc Deslauriers <email address hidden>  Fri, 14 Aug 2015 07:26:18 -0400
-
openssh (1:6.7p1-5ubuntu1) vivid; urgency=medium

  * openssh-server.postinst: Quiesce "Unable to connect to Upstart" error
    message from initctl if upstart is installed, but not the current init
    system. (LP: #1440070)
  * openssh-server.postinst: Fix version comparisons of upgrade adjustments to
    not apply to fresh installs.

 -- Martin Pitt <email address hidden>  Thu, 09 Apr 2015 09:20:36 +0200
-
openssh (1:6.7p1-5) unstable; urgency=medium

  * Revert change from previous upload, which causes far more trouble than
    it is worth (closes: #780797):
    - Send/accept only specific known LC_* variables, rather than using a
      wildcard.
  * Add a NEWS.Debian entry documenting this reversion, as it is too
    difficult to undo the sshd_config change automatically without
    compounding the problem of (arguably) overwriting user configuration.

 -- Colin Watson <email address hidden>  Sun, 22 Mar 2015 23:20:56 +0000
-
openssh (1:6.7p1-4) unstable; urgency=medium

  * Send/accept only specific known LC_* variables, rather than using a
    wildcard (closes: #765633).
  * Document interactions between ListenAddress/Port and ssh.socket in
    README.Debian (closes: #764842).
  * Debconf translations:
    - Brazilian Portuguese (thanks, José de Figueiredo; closes: #771859).

 -- Colin Watson <email address hidden>  Wed, 18 Mar 2015 15:34:13 +0000
-
openssh (1:6.7p1-3) unstable; urgency=medium

  * Debconf translations:
    - Dutch (thanks, Frans Spiesschaert; closes: #765851).
  * Assume that dpkg-statoverride exists and drop the test for an obsolete
    compatibility path.

 -- Colin Watson <email address hidden>  Mon, 03 Nov 2014 20:29:52 +0000
-
openssh (1:6.7p1-2) unstable; urgency=medium

  * debian/tests/control: Drop isolation-container, since the tests run on a
    high port. They're still not guaranteed to run correctly in an schroot,
    but may manage to work, so this lets the tests at least try to run on
    ci.debian.net.

 -- Colin Watson <email address hidden>  Fri, 10 Oct 2014 10:47:19 +0100
-
openssh (1:6.6p1-8) unstable; urgency=medium

  * Make the if-up hook use "reload" rather than "restart" if the system was
    booted using systemd (closes: #756547).
  * Show fingerprints of new keys after creating them in the postinst
    (closes: #762128).
  * Policy version 3.9.6: no changes required.
  * Don't link /usr/share/doc/ssh to openssh-client, as this is not safe
    between Architecture: all and Architecture: any binary packages (closes:
    #763375).

 -- Colin Watson <email address hidden>  Fri, 03 Oct 2014 12:23:57 +0100