diff options
Diffstat (limited to 'debian/changelog')
| -rw-r--r-- | debian/changelog | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index 9a9095189..95ab72caf 100644 --- a/debian/changelog +++ b/debian/changelog | |||
| @@ -1,6 +1,19 @@ | |||
| 1 | openssh (1:4.7p1-9) UNRELEASED; urgency=low | 1 | openssh (1:4.7p1-9) UNRELEASED; urgency=critical |
| 2 | 2 | ||
| 3 | * Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-8. | 3 | * Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-8. |
| 4 | * Mitigate OpenSSL security vulnerability: | ||
| 5 | - Add key blacklisting support. Keys listed in | ||
| 6 | /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by | ||
| 7 | sshd, unless "PermitBlacklistedKeys yes" is set in | ||
| 8 | /etc/ssh/sshd_config. | ||
| 9 | - Add a new program, ssh-vulnkey, which can be used to check keys | ||
| 10 | against these blacklists. | ||
| 11 | - Depend on openssh-blacklist. | ||
| 12 | - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least | ||
| 13 | 0.9.8g-9. | ||
| 14 | - Automatically regenerate known-compromised host keys, with a | ||
| 15 | critical-priority debconf note. (I regret that there was no time to | ||
| 16 | gather translations.) | ||
| 4 | 17 | ||
| 5 | -- Colin Watson <cjwatson@debian.org> Wed, 09 Apr 2008 14:57:43 +0100 | 18 | -- Colin Watson <cjwatson@debian.org> Wed, 09 Apr 2008 14:57:43 +0100 |
| 6 | 19 | ||