Last commit made on 2006-02-21
Get this branch:
git clone -b ubuntu/warty-security https://git.launchpad.net/ubuntu/+source/openssh
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

b1e1c7a... by Martin Pitt on 2006-02-20

Import patches-unapplied version 1:3.8.1p1-11ubuntu3.3 to ubuntu/warty-security

Imported using git-ubuntu import.

Changelog parent: 4df9e6b585b6676ad6548ebcd329893e78477f1a

New changelog entries:
  * SECURITY UPDATE: Shell code injection with crafted file names in scp.
  * Ported upstream patch from 4.3p2 to replace system() call with a proper
    exec() call; this avoids expanding shell metacharacters in local-to-local
    or remote-to-remote copies.
  * CVE-2006-0225

4df9e6b... by Martin Pitt on 2005-10-17

Import patches-unapplied version 1:3.8.1p1-11ubuntu3.2 to ubuntu/warty-security

Imported using git-ubuntu import.

Changelog parent: 3053cc0aa054e1edab75b86126dd2c87a66d3316

New changelog entries:
  * SECURITY UPDATE: Information disclosure.
  * gss-serv.c, sshconnect2.c: Do not delegate GSSAPI credentials to log in
    with a different method than GSSAPI.
  * CAN-2005-2798
  * SECURITY UPDATE: fix two information leaks
  * Fix timing information leak allowing discovery of invalid usernames in
    PAM keyboard-interactive authentication (backported from a patch by
    Darren Tucker) (Debian bug #281595, Ubuntu bug #3768).
  * Make sure that there's a delay in PAM keyboard-interactive
    authentication when PermitRootLogin is not set to yes and the correct
    root password is entered (Debian bug #248747, Ubuntu bug #4196).
  * Thanks to Colin Watson for preparing this patch.
  * References:

3053cc0... by Colin Watson on 2004-10-07

Import patches-unapplied version 1:3.8.1p1-11ubuntu3 to ubuntu/warty

Imported using git-ubuntu import.