ubuntu/+source/openssh:applied/ubuntu/warty-devel

Last commit made on 2006-02-21
Get this branch:
git clone -b applied/ubuntu/warty-devel https://git.launchpad.net/ubuntu/+source/openssh
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/warty-devel
Repository:
lp:ubuntu/+source/openssh

Recent commits

dfd3847... by Martin Pitt on 2006-02-20

Import patches-applied version 1:3.8.1p1-11ubuntu3.3 to applied/ubuntu/warty-security

Imported using git-ubuntu import.

Changelog parent: c046986784e1d06c11300543b6ea35cbbe6e2f51
Unapplied parent: b1e1c7a37f09c6b299f67c295ec48a139064ea72

New changelog entries:
  * SECURITY UPDATE: Shell code injection with crafted file names in scp.
  * Ported upstream patch from 4.3p2 to replace system() call with a proper
    exec() call; this avoids expanding shell metacharacters in local-to-local
    or remote-to-remote copies.
  * CVE-2006-0225

b1e1c7a... by Martin Pitt on 2006-02-20

Import patches-unapplied version 1:3.8.1p1-11ubuntu3.3 to ubuntu/warty-security

Imported using git-ubuntu import.

Changelog parent: 4df9e6b585b6676ad6548ebcd329893e78477f1a

New changelog entries:
  * SECURITY UPDATE: Shell code injection with crafted file names in scp.
  * Ported upstream patch from 4.3p2 to replace system() call with a proper
    exec() call; this avoids expanding shell metacharacters in local-to-local
    or remote-to-remote copies.
  * CVE-2006-0225

c046986... by Martin Pitt on 2005-10-17

Import patches-applied version 1:3.8.1p1-11ubuntu3.2 to applied/ubuntu/warty-security

Imported using git-ubuntu import.

Changelog parent: 1b47c8f1a006223b0fce36e5282eeaa8ae2fce68
Unapplied parent: 4df9e6b585b6676ad6548ebcd329893e78477f1a

New changelog entries:
  * SECURITY UPDATE: Information disclosure.
  * gss-serv.c, sshconnect2.c: Do not delegate GSSAPI credentials to log in
    with a different method than GSSAPI.
  * CAN-2005-2798
  * SECURITY UPDATE: fix two information leaks
  * Fix timing information leak allowing discovery of invalid usernames in
    PAM keyboard-interactive authentication (backported from a patch by
    Darren Tucker) (Debian bug #281595, Ubuntu bug #3768).
  * Make sure that there's a delay in PAM keyboard-interactive
    authentication when PermitRootLogin is not set to yes and the correct
    root password is entered (Debian bug #248747, Ubuntu bug #4196).
  * Thanks to Colin Watson for preparing this patch.
  * References:
    CAN-2003-0190
    http://lab.mediaservice.net/advisory/2003-01-openssh.txt

4df9e6b... by Martin Pitt on 2005-10-17

Import patches-unapplied version 1:3.8.1p1-11ubuntu3.2 to ubuntu/warty-security

Imported using git-ubuntu import.

Changelog parent: 3053cc0aa054e1edab75b86126dd2c87a66d3316

New changelog entries:
  * SECURITY UPDATE: Information disclosure.
  * gss-serv.c, sshconnect2.c: Do not delegate GSSAPI credentials to log in
    with a different method than GSSAPI.
  * CAN-2005-2798
  * SECURITY UPDATE: fix two information leaks
  * Fix timing information leak allowing discovery of invalid usernames in
    PAM keyboard-interactive authentication (backported from a patch by
    Darren Tucker) (Debian bug #281595, Ubuntu bug #3768).
  * Make sure that there's a delay in PAM keyboard-interactive
    authentication when PermitRootLogin is not set to yes and the correct
    root password is entered (Debian bug #248747, Ubuntu bug #4196).
  * Thanks to Colin Watson for preparing this patch.
  * References:
    CAN-2003-0190
    http://lab.mediaservice.net/advisory/2003-01-openssh.txt

1b47c8f... by Colin Watson on 2004-10-07

Import patches-applied version 1:3.8.1p1-11ubuntu3 to applied/ubuntu/warty

Imported using git-ubuntu import.

Unapplied parent: 3053cc0aa054e1edab75b86126dd2c87a66d3316

3053cc0... by Colin Watson on 2004-10-07

Import patches-unapplied version 1:3.8.1p1-11ubuntu3 to ubuntu/warty

Imported using git-ubuntu import.