> It should, therefore, be pushed upstream. Sure. Upstream can make a final determination, and Ubuntu will inherit their decision. Thank you for doing that.
> ...it would be welcome if Ubuntu were to request a fix as well. Ubuntu is a community project and that community includes you. If you've made a request upstream, I don't think it's appropriate for anyone else to be joining in unless they have new and useful information to add. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1025418 Title: Using ProxyCommand w/a non-existant host results in infinite spawns. Status in openssh package in Ubuntu: Invalid Bug description: Version: OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012 Package: openssh-client Today we discovered a possible bug in the OpenSSH-Client package (openssh) that happens when you enable ProxyCommand with a non- existant hostname. This bug is easily replicated with the default example in /etc/ssh/ssh_config. If one uncomments that line and then for example tries to push via Git SSH you end up with SSH spawning over and over and over again as seein the attached screenshot. I have flagged this as a security bug (but ultimately it's up to ya'll if it is) because any user can do this and take down any server quite easily by adding add a bad ProxyCommand to their ~/.ssh/config. I was able to take out one of my personal servers (which happens to be a pretty big server) within a few minutes. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1025418/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
