Last commit made on 2006-10-02
Get this branch:
git clone -b ubuntu/hoary-security https://git.launchpad.net/ubuntu/+source/openssh

Recent commits

01b2218... by Martin Pitt on 2006-10-02

Import patches-unapplied version 1:3.9p1-1ubuntu2.3 to ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: 517594eae2e4eff6a340e53292a7a1f42748ba10

New changelog entries:
  * CVE-2006-4924: Fix a pre-authentication denial of service found by
    Tavis Ormandy, that would cause sshd(8) to spin until the login grace
    time expired.
    Upstream fixes:
  * Fix an unsafe signal handler reported by Mark Dowd. The
    signal handler was vulnerable to a race condition that could be
    exploited to perform a pre-authentication denial of service. [CVE-2006-5051]
    On portable OpenSSH, this vulnerability could theoretically lead to
    pre-authentication remote code execution if GSSAPI authentication is
    enabled, but the likelihood of successful exploitation appears remote.
  * Above patches taken from Debian's 4.3p2-4 version, thanks to Colin Watson
    for backporting them from 4.4p1.

517594e... by Martin Pitt on 2006-02-20

Import patches-unapplied version 1:3.9p1-1ubuntu2.2 to ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: 4913cdd4a5ee6526919ba13cdb563efad9c7e788

New changelog entries:
  * SECURITY UPDATE: Shell code injection with crafted file names in scp.
  * Ported upstream patch from 4.3p2 to replace system() call with a proper
    exec() call; this avoids expanding shell metacharacters in local-to-local
    or remote-to-remote copies.
  * CVE-2006-0225

4913cdd... by Martin Pitt on 2005-10-17

Import patches-unapplied version 1:3.9p1-1ubuntu2.1 to ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: 6ac1c57981395deee16b5535f8d13c89417c0829

New changelog entries:
  * SECURITY UPDATE: Information disclosure.
  * gss-serv.c, sshconnect2.c: Do not delegate GSSAPI credentials to log in
    with a different method than GSSAPI.
  * CAN-2005-2798

6ac1c57... by Colin Watson on 2005-03-15

Import patches-unapplied version 1:3.9p1-1ubuntu2 to ubuntu/hoary

Imported using git-ubuntu import.

Changelog parent: 3053cc0aa054e1edab75b86126dd2c87a66d3316

New changelog entries:
  * Don't ask unnecessary and misplaced ssh/forward_warning debconf note
    (closes: Ubuntu #7363).
  * Resynchronise with Debian.
  * New upstream release.
    - PAM password authentication implemented again (closes: #238699,
    - Implemented the ability to pass selected environment variables between
      the client and the server.
    - Fix ssh-keyscan breakage when remote server doesn't speak SSH protocol
      (closes: #228828).
    - Fix res_query detection (closes: #242462).
    - 'ssh -c' documentation improved (closes: #265627).
  * Pass LANG and LC_* environment variables from the client by default, and
    accept them to the server by default in new installs, although not on
    upgrade (closes: #264024).
  * Build ssh in binary-indep, not binary-arch (thanks, LaMont Jones).
  * Expand on openssh-client package description (closes: #273831).
  * Resynchronise with Debian.
  * We use DH_COMPAT=2, so build-depend on debhelper (>= 2).
  * Fix timing information leak allowing discovery of invalid usernames in
    PAM keyboard-interactive authentication (backported from a patch by
    Darren Tucker; closes: #281595).
  * Make sure that there's a delay in PAM keyboard-interactive
    authentication when PermitRootLogin is not set to yes and the correct
    root password is entered (closes: #248747).
  * Resynchronise with Debian.
  * Enable threading for PAM, on Sam Hartman's advice (closes: #278394).
  * debconf template translations:
    - Update Dutch (thanks, cobaco; closes: #278715).
  * Correct README.Debian's ForwardX11Trusted description (closes: #280190).
  * Resynchronise with Debian.
  * Preserve /etc/ssh/sshd_config ownership/permissions (closes: #276754).
  * Shorten the version string from the form "OpenSSH_3.8.1p1 Debian
    1:3.8.1p1-8.sarge.1" to "OpenSSH_3.8.1p1 Debian-8.sarge.1", as some SSH
    implementations apparently have problems with the long version string.
    This is of course a bug in those implementations, but since the extent
    of the problem is unknown it's best to play safe (closes: #275731).
  * debconf template translations:
    - Add Finnish (thanks, Matti Pöllä; closes: #265339).
    - Update Danish (thanks, Morten Brix Pedersen; closes: #275895).
    - Update French (thanks, Denis Barbier; closes: #276703).
    - Update Japanese (thanks, Kenshi Muto; closes: #277438).

3053cc0... by Colin Watson on 2004-10-07

Import patches-unapplied version 1:3.8.1p1-11ubuntu3 to ubuntu/warty

Imported using git-ubuntu import.