diff options
Diffstat (limited to 'debian/changelog')
-rw-r--r-- | debian/changelog | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index 9a9095189..95ab72caf 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -1,6 +1,19 @@ | |||
1 | openssh (1:4.7p1-9) UNRELEASED; urgency=low | 1 | openssh (1:4.7p1-9) UNRELEASED; urgency=critical |
2 | 2 | ||
3 | * Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-8. | 3 | * Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-8. |
4 | * Mitigate OpenSSL security vulnerability: | ||
5 | - Add key blacklisting support. Keys listed in | ||
6 | /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by | ||
7 | sshd, unless "PermitBlacklistedKeys yes" is set in | ||
8 | /etc/ssh/sshd_config. | ||
9 | - Add a new program, ssh-vulnkey, which can be used to check keys | ||
10 | against these blacklists. | ||
11 | - Depend on openssh-blacklist. | ||
12 | - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least | ||
13 | 0.9.8g-9. | ||
14 | - Automatically regenerate known-compromised host keys, with a | ||
15 | critical-priority debconf note. (I regret that there was no time to | ||
16 | gather translations.) | ||
4 | 17 | ||
5 | -- Colin Watson <cjwatson@debian.org> Wed, 09 Apr 2008 14:57:43 +0100 | 18 | -- Colin Watson <cjwatson@debian.org> Wed, 09 Apr 2008 14:57:43 +0100 |
6 | 19 | ||