-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 03 Apr 2014 00:05:17 +0100 Source: openssh Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: source i386 all Version: 1:6.0p1-4+deb7u1 Distribution: stable-security Urgency: high Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> Changed-By: Colin Watson <cjwatson@debian.org> Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) ssh - secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad ssh-krb5 - secure shell client and server (transitional package) Closes: 742513 Changes: openssh (1:6.0p1-4+deb7u1) stable-security; urgency=high . * CVE-2014-2532: Disallow invalid characters in environment variable names to prevent bypassing AcceptEnv wildcard restrictions. * CVE-2014-2653: Attempt SSHFP lookup even if server presents a certificate (closes: #742513). Checksums-Sha1: c29301b88a0b42287196d9226ec8dd7a3ef65a94 2546 openssh_6.0p1-4+deb7u1.dsc f691e53ef83417031a2854b8b1b661c9c08e4422 1126034 openssh_6.0p1.orig.tar.gz 99482673ad9e7bf91e35b9b3dc33201c175f9938 250665 openssh_6.0p1-4+deb7u1.debian.tar.gz d9445c880d32720eb8816c41c08d0a8aa482775f 1046342 openssh-client_6.0p1-4+deb7u1_i386.deb 90d874f067906f0b1868de143ea9810287052063 342718 openssh-server_6.0p1-4+deb7u1_i386.deb ffbf200e6712e176d61c20007aac86fe2199abb4 1244 ssh_6.0p1-4+deb7u1_all.deb 3c28a59246e137b5aa58eb0b4966a5ea21b4984b 89406 ssh-krb5_6.0p1-4+deb7u1_all.deb ed2b9a404d3ed7d4be8372c910138ff3a06220e0 97040 ssh-askpass-gnome_6.0p1-4+deb7u1_i386.deb 49389644b8c39118564b83998cecc48799d7349f 181228 openssh-client-udeb_6.0p1-4+deb7u1_i386.udeb 2f4fb6c14445e2ba6027a0003af6c3ca5a53ca80 194346 openssh-server-udeb_6.0p1-4+deb7u1_i386.udeb Checksums-Sha256: 1e1760a5f463eefea8f0cb0e2769a73fda6a8814c9cc4c7c7583748fe36dab4f 2546 openssh_6.0p1-4+deb7u1.dsc 589d48e952d6c017e667873486b5df63222f9133d417d0002bd6429d9bd882de 1126034 openssh_6.0p1.orig.tar.gz 30a48594c638462418d73399644fb83c463011f26847ffc73253740588511647 250665 openssh_6.0p1-4+deb7u1.debian.tar.gz 4da98c169fa43fd340b379677d42b65f5b20ff0f2b9da85d254c4c5467d0741d 1046342 openssh-client_6.0p1-4+deb7u1_i386.deb ed110509e6fdbbb956579db46a39b2fd05ee98016479b2cc04a6b3d7f317982e 342718 openssh-server_6.0p1-4+deb7u1_i386.deb 656a17a970aad3898e2098fda3ddb625890882cc8ae166e7b21b9a88b615ba59 1244 ssh_6.0p1-4+deb7u1_all.deb 444f55a64cb662d32b4afaee6b852962d641dd473326e2a37a348cfbd101fbe4 89406 ssh-krb5_6.0p1-4+deb7u1_all.deb b770f505b866048f6df915e6a40d263d2939da9163cd074be8199283832eaf09 97040 ssh-askpass-gnome_6.0p1-4+deb7u1_i386.deb 1627cdfc64e66493368775a21811e31155201249aa8b10aceb243f650c4cc4f1 181228 openssh-client-udeb_6.0p1-4+deb7u1_i386.udeb 946bd501a98347092664b9892557061a4d2991f33fd762adac4ed14db92f04b0 194346 openssh-server-udeb_6.0p1-4+deb7u1_i386.udeb Files: e557e1994c2216f7361448cc9258aa5a 2546 net standard openssh_6.0p1-4+deb7u1.dsc 3c9347aa67862881c5da3f3b1c08da7b 1126034 net standard openssh_6.0p1.orig.tar.gz 61f070b4553533e7e32adb9c77b98475 250665 net standard openssh_6.0p1-4+deb7u1.debian.tar.gz afd76da5a7f9c4ded8f48eacd8754225 1046342 net standard openssh-client_6.0p1-4+deb7u1_i386.deb 8ebd11309b27fe734f727e0873e2d9c1 342718 net optional openssh-server_6.0p1-4+deb7u1_i386.deb 38ca4aa1c65c0002fef941edc3d30a50 1244 net extra ssh_6.0p1-4+deb7u1_all.deb a003864e79fdd6ea17af0188f5fbfbe7 89406 oldlibs extra ssh-krb5_6.0p1-4+deb7u1_all.deb a55fb38bf65e73bb0b1cfa41f18c453d 97040 gnome optional ssh-askpass-gnome_6.0p1-4+deb7u1_i386.deb 4aab6a2a7d8ce892b8d293f30111fb70 181228 debian-installer optional openssh-client-udeb_6.0p1-4+deb7u1_i386.udeb d3ea30d3b199f72f7ab47dcff4022b1e 194346 debian-installer optional openssh-server-udeb_6.0p1-4+deb7u1_i386.udeb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Colin Watson <cjwatson@debian.org> -- Debian developer iQIVAwUBUzyZpzk1h9l9hlALAQhb+g/8Cy9JYwe8TkAKR5JAnkGXStPXW9wkZJVB BMzAIyw6xPja2wz0sCpwXXHVCO+DMzsUAo0ZJ8QAvF/X0Md+QhaXxtXSZoHiU3s7 TOrVSmftenvKUmVcgBiBhqqT98e3rpgpGTL6Uxrihy5LR4oEQ+0XxlVodU55xdq0 N/OXUbl6soSLB4l3L0yPfDuB1p8pZLplzRVLRCGaQzNyrc8u7RUHzZNxnYu+ol4k Yzp9cFICEYaG0F+ZgICpUXLnvVMbkmKgnPiAv2D70THMJMuwOPhSUV0Td8U6I/5D VbSyYyhZWm/2kAYByJMSXwCHUbx+UfxOPSwbkC2dRUXifYaLJKBwu2+dNXNexIDX SXufmIQ9dPjzsDty9RfeMETFCgjXeQsAZdBu5NWZyhU+ZUm+iCx9W1TVx1r7HrKE Tgprhr1e2XiteIcjq6xO/NT8p6jY2eyWJRJHL/RiZogiwoq/JQOGGcaKSMrMIt1w QiGTkru9Ud5/QQ3LKFdfyYJsyBTa2yIEshasJ3RZHsxENGg0lEkpmeiDF7o9MbnG 3xtW/6MG4DECYBtIvUn8bUb0GHYtvc0lvqkPGswrZV6YkhwciihfxYwR7Kr53UQA HMKVf8iafIhfKGprO0oOq9QN2JSv+WtuqPdi+sG6Tmh7aiCQc6Ta7b+5bVHNyf6D RRg6FLbvbNE= =Ar4w -----END PGP SIGNATURE-----