« Return to Thread: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability

Re: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability

by sampablokuper :: Rate this Message:

2009/6/30 Nico Golde <debian-security%2Bml@...>

Hi,
* Niko Thome <niko.thome@...> [2009-06-30 11:47]:

> I stumbled upon a vulnerability in OpenSSH reported back in November
> 2008. http://www.securityfocus.com/bid/32319
>
> I was a bit concerned about that flaw, and tried to find out if it is
> fixed due a backport of some openSSH 5.2 upstream code. But I didn't
> find neither a bug nor a DSA for that flaw.
>
> Can you tell me how this bug is handled by Debian?

http://security-tracker.debian.net/tracker/CVE-2008-5161

Ouch! I agree with the note.

« Return to Thread: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability