summaryrefslogtreecommitdiff
path: root/debian/changelog
diff options
context:
space:
mode:
Diffstat (limited to 'debian/changelog')
-rw-r--r--debian/changelog15
1 files changed, 14 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index 9a9095189..95ab72caf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,19 @@
1openssh (1:4.7p1-9) UNRELEASED; urgency=low 1openssh (1:4.7p1-9) UNRELEASED; urgency=critical
2 2
3 * Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-8. 3 * Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-8.
4 * Mitigate OpenSSL security vulnerability:
5 - Add key blacklisting support. Keys listed in
6 /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by
7 sshd, unless "PermitBlacklistedKeys yes" is set in
8 /etc/ssh/sshd_config.
9 - Add a new program, ssh-vulnkey, which can be used to check keys
10 against these blacklists.
11 - Depend on openssh-blacklist.
12 - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least
13 0.9.8g-9.
14 - Automatically regenerate known-compromised host keys, with a
15 critical-priority debconf note. (I regret that there was no time to
16 gather translations.)
4 17
5 -- Colin Watson <cjwatson@debian.org> Wed, 09 Apr 2008 14:57:43 +0100 18 -- Colin Watson <cjwatson@debian.org> Wed, 09 Apr 2008 14:57:43 +0100
6 19