Hi Colin, On Thu Aug 20 00:50:02 2015 Colin Watson <cjwat...@debian.org> wrote: > On Fri, Aug 07, 2015 at 11:30:07AM +0000, Debian Bug Tracking System > wrote: > > openssh (1:5.5p1-6+squeeze6) squeeze-lts; urgency=medium > > . > > * Non-maintainer upload by the Debian LTS team. > > * CVE-2015-5352: Reject X11 connections after hard-coded Xauth cookie > > expiration time of 1200 seconds. (Closes: #790798). > > * CVE-2015-5600: Only query each keyboard-interactive device once per > > authentication request regardless of how many times it is listed. > > (Closes: #793616). > > I have not yet looked at the actual patch applied here, but please note > that for versions of OpenSSH earlier than 6.5p1 (thus, squeeze and > wheezy) there is a gotcha: you need the additional patch from > https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1485719. If you > didn't include that then I think you need to issue a follow-up advisory. > > -- > Colin Watson
Thanks for feedback, I put the above on my radar and will check and follow-up when I have returned from VAC. Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976148 GnuPG Key ID 0x25771B13 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
