Package: openssh Severity: grave Tags: security Justification: user security hole
Please see http://www.openssh.com/txt/gcmrekey.adv No CVE ID has been assigned yet. AES-GCM support was introduced in 6.2, so oldstable and stable should be fine (from http://www.openssh.com/txt/release-6.2): | * ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption in | SSH protocol 2. The new cipher is available as aes128-...@openssh.com | and aes256-...@openssh.com. It uses an identical packet format to the | AES-GCM mode specified in RFC 5647, but uses simpler and different | selection rules during key exchange. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
