Package: openssh-client
Version: 1:4.3p2-9etch2
Severity: grave
Tags: security
Justification: user security hole

The openssh client and openssh-vulnkey do not check for 4096 bit compromised keys as the sid version does. So the user will not find these compromised keys when checking with openssh-vulnkey and the ssh server will accept connections with these keys.

Please supply a package like in sid which also checks for 4096 (and other?) bit keys.

Christoph

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (900, 'stable'), (70, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.22-4-686-bigmem
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages openssh-client depends on:
ii  add  3.102                                 Add and remove users and groups
ii  deb  1.5.11etch1                           Debian configuration management sy
ii  dpk  1.13.25                               package maintenance system for Deb
ii  lib  2.3.6.ds1-13etch5                     GNU C Library: Shared libraries
ii  lib  1.39+1.40-WIP-2006.11.14+dfsg-2etch1  common error description library
ii  lib  2.9.cvs.20050518-2.2                  BSD editline and history libraries
ii  lib  1.4.4-7etch5                          MIT Kerberos runtime libraries
ii  lib  5.5-5                                 Shared libraries for terminal hand
ii  lib  0.9.8c-4etch3                         SSL shared libraries
ii  pas  1:4.0.18.1-7                          change and administer password and
ii  zli  1:1.2.3-13                            compression library - runtime

openssh-client recommends no packages.

-- no debconf information