Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
closes: #480020).
|
|
|
|
closes: #481151).
|
|
glitches (thanks, Petter Reinholdtsen; closes: #481018).
|
|
|
|
#481283).
|
|
(thanks, Heiko Schlittermann and Christopher Perry; closes: #481398).
|
|
|
|
|
|
#482341).
|
|
openssh-server.
|
|
|
|
they differ, to defend against recurrences of the recent Debian OpenSSL
vulnerability.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Simon Tatham for the idea.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- Add key blacklisting support. Keys listed in
/etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by
sshd, unless "PermitBlacklistedKeys yes" is set in
/etc/ssh/sshd_config.
- Add a new program, ssh-vulnkey, which can be used to check keys
against these blacklists.
- Depend on openssh-blacklist.
- Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least
0.9.8g-9.
- Automatically regenerate known-compromised host keys, with a
critical-priority debconf note. (I regret that there was no time to
gather translations.)
|
|
- CVE-2008-1657: Ignore ~/.ssh/rc if a sshd_config ForceCommand is
specified.
|
|
|
|
|
|
- Add code to actually implement GSSAPIStrictAcceptorCheck, which had
somehow been omitted from a previous version of this patch (closes:
#474246).
|
|
|