* Mitigate OpenSSL security vulnerability:

- Add key blacklisting support. Keys listed in /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by sshd, unless "PermitBlacklistedKeys yes" is set in /etc/ssh/sshd_config. - Add a new program, ssh-vulnkey, which can be used to check keys against these blacklists. - Depend on openssh-blacklist. - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least 0.9.8g-9. - Automatically regenerate known-compromised host keys, with a critical-priority debconf note. (I regret that there was no time to gather translations.)
author: Colin Watson <cjwatson@debian.org> 2008-05-12 23:33:01 +0000
committer: Colin Watson <cjwatson@debian.org> 2008-05-12 23:33:01 +0000
commit: 47608c17e64138f8d16aa2bdc49a0eb00e1c3549 (patch)
tree: 92572d90b9aa8f45c0d9e6dbb185065667fdcea0 /debian/changelog
parent: 19ccea525446d5a3c2a176d813c505be81b91cbf (diff)
1 files changed, 14 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index 9a9095189..95ab72caf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,19 @@
-openssh (1:4.7p1-9) UNRELEASED; urgency=low
+openssh (1:4.7p1-9) UNRELEASED; urgency=critical
  * Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-8.
+  * Mitigate OpenSSL security vulnerability:
+    - Add key blacklisting support. Keys listed in
+      /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by
+      sshd, unless "PermitBlacklistedKeys yes" is set in
+      /etc/ssh/sshd_config.
+    - Add a new program, ssh-vulnkey, which can be used to check keys
+      against these blacklists.
+    - Depend on openssh-blacklist.
+    - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least
+      0.9.8g-9.
+    - Automatically regenerate known-compromised host keys, with a
+      critical-priority debconf note. (I regret that there was no time to
+      gather translations.)
 -- Colin Watson <cjwatson@debian.org>  Wed, 09 Apr 2008 14:57:43 +0100
author	Colin Watson <cjwatson@debian.org>	2008-05-12 23:33:01 +0000
committer	Colin Watson <cjwatson@debian.org>	2008-05-12 23:33:01 +0000
commit	47608c17e64138f8d16aa2bdc49a0eb00e1c3549 (patch)
tree	92572d90b9aa8f45c0d9e6dbb185065667fdcea0 /debian/changelog
parent	19ccea525446d5a3c2a176d813c505be81b91cbf (diff)

diff --git a/debian/changelog b/debian/changelog index 9a9095189..95ab72caf 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -1,6 +1,19 @@
1	openssh (1:4.7p1-9) UNRELEASED; urgency=low	1	openssh (1:4.7p1-9) UNRELEASED; urgency=critical
2		2
3	* Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-8.	3	* Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-8.
		4	* Mitigate OpenSSL security vulnerability:
		5	- Add key blacklisting support. Keys listed in
		6	/etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by
		7	sshd, unless "PermitBlacklistedKeys yes" is set in
		8	/etc/ssh/sshd_config.
		9	- Add a new program, ssh-vulnkey, which can be used to check keys
		10	against these blacklists.
		11	- Depend on openssh-blacklist.
		12	- Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least
		13	0.9.8g-9.
		14	- Automatically regenerate known-compromised host keys, with a
		15	critical-priority debconf note. (I regret that there was no time to
		16	gather translations.)
4		17
5	-- Colin Watson <cjwatson@debian.org> Wed, 09 Apr 2008 14:57:43 +0100	18	-- Colin Watson <cjwatson@debian.org> Wed, 09 Apr 2008 14:57:43 +0100
6		19