Hi Ivo,
> From the upstream changelog for 2.7.1+dfsg-1 (already in unstable):
[..]
> - user module - do not pass ssh_key_passphrase on cmdline
> (CVE-2018-16837)
Thanks for providing this and no problem that this wasn't in the
changelog.
Security team: This still affects stretch and jessie as I unless
I'm missing something - would you like me to prepare an upload for
stable? I'm happy to take the LTS side of things.
(If so Ivo, can I push these to some VCS? I note it is in collab-
maint but I thought I might check...)
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
