mand, overriding whatever
> the client tries to do.
Yeah, senior moment; apologies.
> > Based on the debdiff in
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445#29 , please go
> > ahead (with the distribution set to "stable" or "squeeze").
d it gets as far
as executing the command, then that's already logged at -d in the
server; see session.c:do_exec.
> Based on the debdiff in
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445#29 , please go
> ahead (with the distribution set to "stable" or "
dding them to CC.
Hmmm, it would be nicer if it were still possible to log commands that
the key /should/ be permitted to access, but I'm guessing that would be
a more involved and invasive change.
Based on the debdiff in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445#29 , please g
On Mon, Feb 20, 2012 at 11:04:20AM +0100, Thijs Kinkhorst wrote:
> Hi Colin,
>
> On Mon, February 20, 2012 03:46, Colin Watson wrote:
> > On Wed, Feb 08, 2012 at 06:44:26PM +0100, Moritz Muehlenhoff wrote:
> >> On Thu, Jan 26, 2012 at 07:50:24PM -0500, Marc Deslauriers wrote:
> >> > Looks like thi
Hi Colin,
On Mon, February 20, 2012 03:46, Colin Watson wrote:
> On Wed, Feb 08, 2012 at 06:44:26PM +0100, Moritz Muehlenhoff wrote:
>> On Thu, Jan 26, 2012 at 07:50:24PM -0500, Marc Deslauriers wrote:
>> > Looks like this:
>> >
>> > http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-optio
ced-command-debug-security.patch
2012-02-20 02:18:45.0 +
@@ -0,0 +1,19 @@
+Description: Don't send the actual forced command in a debug message
+Origin: upstream,
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53;r2=1.54
+Bug-Debian: http://bugs
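Review bot: in the Origin field, the upstream URL sits on a line of its own with no leading "+", so as posted it is not one of the added lines of the new patch file. Keep it on the same line as "Origin: upstream," or begin the continuation line with "+" followed by a space, so that the pointer to the upstream auth-options.c change survives when the debdiff is applied.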
On Thu, Jan 26, 2012 at 07:50:24PM -0500, Marc Deslauriers wrote:
> Looks like this:
>
> http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53;r2=1.54
Colin, can you fix this for the 6.0.5 point release?
Cheers,
Moritz
Looks like this:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53;r2=1.54
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Please use CVE-2012-0814 for this issue
http://seclists.org/oss-sec/2012/q1/296
--
Kurt Seifried Red Hat Security Response Team (SRT)
Package: openssh-server
Version: 1:5.5p1-6+squeeze1
Severity: normal
The handling of multiple forced commands in ~/.ssh/authorized_keys leaks
information about other configured forced commands to the user. This
affects tools like gitolite, which makes heavy use of forced commands
(For gitolite, th