Package: libpam-ssh
Version: 1.92-14
Severity: normal
libpam-ssh contains embeds code from the OpenSSH project.
At the very least, authfile.c is shared between projects; as a result,
security fixes or functionality enhancements that make it into OpenSSH
do not propagate automatically into libpam-ssh.
libpam-ssh's TODO file states:
----------------------------
Instead of calling OpenSSH's load_private_key(), execute ssh-add in the
authentication phase and something like
ssh-agent ssh-add
in the session phase and parse the output. (SSH's ssh-add provides
decent return values, whereas OpenSSH's does not.)
----------------------------
Resolving this TODO item should remove the need for the embedded code
copy.
Thanks,
--dkg
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.36-rc5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
