-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 28 Mar 2014 18:04:41 +0000 Source: openssh Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: source i386 all Version: 1:6.6p1-1 Distribution: unstable Urgency: medium Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> Changed-By: Colin Watson <cjwatson@debian.org> Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot ssh - secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad ssh-krb5 - secure shell client and server (transitional package) Closes: 298138 341883 742308 742513 742541 Changes: openssh (1:6.6p1-1) unstable; urgency=medium . [ Colin Watson ] * Apply various warning-suppression and regression-test fixes to gssapi.patch from Damien Miller. * New upstream release (http://www.openssh.com/txt/release-6.6, LP: #1298280): - CVE-2014-2532: sshd(8): when using environment passing with an sshd_config(5) AcceptEnv pattern with a wildcard, OpenSSH prior to 6.6 could be tricked into accepting any environment variable that contains the characters before the wildcard character. * Re-enable btmp logging, as its permissions were fixed a long time ago in response to #370050 (closes: #341883). * Change to "PermitRootLogin without-password" for new installations, and ask a debconf question when upgrading systems with "PermitRootLogin yes" from previous versions (closes: #298138). * Debconf translations: - Danish (thanks, Joe Hansen). - Portuguese (thanks, Américo Monteiro). - Russian (thanks, Yuri Kozlov; closes: #742308). - Swedish (thanks, Andreas Rönnquist). - Japanese (thanks, victory). - German (thanks, Stephan Beck; closes: #742541). - Italian (thanks, Beatrice Torracca). * Don't start ssh-agent from the Upstart user session job if something like Xsession has already done so (based on work by Bruno Vasselle; LP: #1244736). . [ Matthew Vernon ] * CVE-2014-2653: Fix failure to check SSHFP records if server presents a certificate (bug reported by me, patch by upstream's Damien Miller; thanks also to Mark Wooding for his help in fixing this) (Closes: #742513) Checksums-Sha1: de927b42fcf22bcbcc806d700b03768c8ad3b440 2637 openssh_6.6p1-1.dsc b850fd1af704942d9b3c2eff7ef6b3a59b6a6b6e 1282502 openssh_6.6p1.orig.tar.gz d3898f85b9799e7eba3936ae2ac277f62878fd2d 141060 openssh_6.6p1-1.debian.tar.xz ded9dfe4deaaa097c30bb342c79dbaec3e1af4a8 667082 openssh-client_6.6p1-1_i386.deb fbf8430b0ed184f3b4c626cd7b06963b34475579 320628 openssh-server_6.6p1-1_i386.deb 139d22adeb131eea0845880981e08e31e2bb4a76 35346 openssh-sftp-server_6.6p1-1_i386.deb bceec92916bc7bb00f1ce959454935ce40d3d038 1116 ssh_6.6p1-1_all.deb bfc13d9c525c28c209a8424f80264b99fe71772c 104838 ssh-krb5_6.6p1-1_all.deb d259f0c7e0db419ead89e671b3da8c513bc867e8 112624 ssh-askpass-gnome_6.6p1-1_i386.deb d65475dac1fdda7eccd2cb07e8993d185d055e75 252820 openssh-client-udeb_6.6p1-1_i386.udeb 255d8241c9298786b20df286e0cb35ded0890348 281614 openssh-server-udeb_6.6p1-1_i386.udeb Checksums-Sha256: 169b2034b12346730f46931d4a41660ba5d098ad2260fc02b77c59bcef8f21f6 2637 openssh_6.6p1-1.dsc 48c1f0664b4534875038004cc4f3555b8329c2a81c1df48db5c517800de203bb 1282502 openssh_6.6p1.orig.tar.gz d288f17c9f49b9b0797654d0c3c73dce91e6c85a106bb5270d3e3b8314dd06f5 141060 openssh_6.6p1-1.debian.tar.xz c4c6ad9b85473260c38f3494e439c6c1ecaea4dff80156149537cdc88ae7fc89 667082 openssh-client_6.6p1-1_i386.deb 483fe64dcd78670d8831b711b56a7f8f7155e5ccfd2aadd352ec999dd00acb61 320628 openssh-server_6.6p1-1_i386.deb ad188919c748d90aa93af2799e6073b80c7aa8bb400552e16af89243dbb24555 35346 openssh-sftp-server_6.6p1-1_i386.deb 3e930f5bda22cc3f88bb5512af6ca2010e945507c020a3269cfcb965f87c7848 1116 ssh_6.6p1-1_all.deb 9b7da9036191c4546e5877e17aa5e95435a6542688b98a3e67400f1c2b9d6137 104838 ssh-krb5_6.6p1-1_all.deb a6ff8787f8c94965b76a4e08d7856e7d2bd6336ea92daf056d17b8ff256c799b 112624 ssh-askpass-gnome_6.6p1-1_i386.deb 43c84b544c56510c5a23ef3900284b6a64cef3fdf7452f81ffdfc6a242f0cb30 252820 openssh-client-udeb_6.6p1-1_i386.udeb 26f4ffc10bd4d589d08fe5df863b69b78f22dcb4ad4a33e14e0807a1e3a57259 281614 openssh-server-udeb_6.6p1-1_i386.udeb Files: 9edf5c71b6b08bc91003fc0cb99a4717 2637 net standard openssh_6.6p1-1.dsc 3e9800e6bca1fbac0eea4d41baa7f239 1282502 net standard openssh_6.6p1.orig.tar.gz d1752ee88d1ac2ea0578d130383927ac 141060 net standard openssh_6.6p1-1.debian.tar.xz b27f2f7244836ad087d20fbf628c033c 667082 net standard openssh-client_6.6p1-1_i386.deb e6935335fb140c8eff16c2d979e38b55 320628 net optional openssh-server_6.6p1-1_i386.deb 062ac706ed28e2e29d3e50fc293d019e 35346 net optional openssh-sftp-server_6.6p1-1_i386.deb 19fbe25a4f92f9a2b6947e8d4f12ce7e 1116 net extra ssh_6.6p1-1_all.deb 5adc30ce36edeaff1d0336619b84c1a3 104838 oldlibs extra ssh-krb5_6.6p1-1_all.deb 0b0e13dbca528b2f14f559d76362c0cc 112624 gnome optional ssh-askpass-gnome_6.6p1-1_i386.deb 4fe65814c4a59d5b80e3d3414d1aaf35 252820 debian-installer optional openssh-client-udeb_6.6p1-1_i386.udeb 87b3ef5612879df187eff4149a19ea6a 281614 debian-installer optional openssh-server-udeb_6.6p1-1_i386.udeb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Colin Watson <cjwatson@debian.org> -- Debian developer iQIVAwUBUzXccTk1h9l9hlALAQj9dg/8Cc2GiibyRv1vsaiGnb+lKyc0h1+Yh69n vVzYN684ZGWo3deJa2HOhaFOefkFgV/pim/1/rJ3bWzhThfg/BACoEoBq7+bFIPo 78CU+W2fT1sUNZYgMZksH7OXoQ83Kv2YAAbVW4Nto4t94yMWiVxKPeJWLIBM1aD2 FdtTUR+KGVPxl3oc/kZOLRt4GRuPlkFsuPVrSNGVnrrlbme99bNqIrxRvwVWBAK0 IMtwFaDlUd05jaBsqWY2BxApEnM1ziy0+D504MoPgvTCGRU+/AzppBn+OZUqbqaO r4uWUAYKEDTi5AWeItjfDZbVx5pRt6hnRTvz/LDKj8zhLujYPEEZSIPMdLbQgGZc EyIhzd5SAaksQ17MetNE/PT0M0sCy35aCx3CmkPqVItv3DUkJX7J/XUhW/4heDdk x+554Bvs6LNvGkZVUZPDw24AWx62FNBF7UieyuQc7X6ygqNkK0XKWIGSukOjbxec cbPTVAnTt4eUQSxTcdKoZro8S+zHuPiLB/OVC4hCNzPnHuZ+iVu/ab2oaJo1B1eD YdjKtcj+vQBksULaYR8bXDwaiMT7RRrwbdxv9ZQzxmD8bl0lYXe+PlUzNhZhk5FQ lehIcXgb4zBR0iV+rqMrJq12o/eMG10I6OGnCTIumSDCXDBxW2K2DEUoEmldVOAv azHVlvakGic= =mz8Q -----END PGP SIGNATURE-----