summaryrefslogtreecommitdiff
path: root/debian/changelog
AgeCommit message (Collapse)Author
2008-05-26Make 'ssh-vulnkey -v' output each file name it examines (thanks, HughColin Watson
Daniel).
2008-05-26Fix error output if ssh-vulnkey fails to read key files, with theColin Watson
exception of host keys unless -a was given (thanks, Hugh Daniel).
2008-05-26Add key type to ssh-vulnkey output.Colin Watson
2008-05-26Document ssh-vulnkey key status descriptions (thanks, Hugh Daniel).Colin Watson
2008-05-25Move ssh-vulnkey's exit status documentation to a separate sectionColin Watson
(thanks, Hugh Daniel).
2008-05-25Add -v (verbose) option to ssh-vulnkey, and don't print output for keysColin Watson
that have a blacklist file but that are not listed unless in verbose mode (thanks, Hugh Daniel).
2008-05-25Log IP addresses of hosts attempting to use blacklisted keys (closes:Colin Watson
#481721).
2008-05-25Update Italian (thanks, Luca Monducci; closes: #482808).Colin Watson
2008-05-25Update Swedish (thanks, Martin Bagge; closes: #482464).Colin Watson
2008-05-25Restore OOM killer adjustment for child processes (thanks, Vaclav Ovsik;Colin Watson
closes: #480020).
2008-05-25Remove 0 and 6 from Default-Stop in init script (thanks, Kel Modderman;Colin Watson
closes: #481151).
2008-05-25Make init script depend on $syslog, and fix some other dependencyColin Watson
glitches (thanks, Petter Reinholdtsen; closes: #481018).
2008-05-25Update Russian (thanks, Yuri Kozlov; closes: #482887).Colin Watson
2008-05-25Check for blacklists in /usr/share/ssh/ as well as /etc/ssh/ (seeColin Watson
#481283).
2008-05-25Make ssh-vulnkey report the file name and line number for each keyColin Watson
(thanks, Heiko Schlittermann and Christopher Perry; closes: #481398).
2008-05-25recommending openssh-blacklist closes: #481187Colin Watson
2008-05-25 - Update Turkish (thanks, Mert Dirik; closes: #482548).Colin Watson
2008-05-21Update Spanish (thanks, Javier Fernandez-Sanguino Peña; closes:Colin Watson
#482341).
2008-05-21Recommend openssh-blacklist-extra from openssh-client andColin Watson
openssh-server.
2008-05-21Recommend openssh-blacklist from openssh-client.Colin Watson
2008-05-20Generate two keys with the PID forced to the same value and test thatColin Watson
they differ, to defend against recurrences of the recent Debian OpenSSL vulnerability.
2008-05-19Update Vietnamese (thanks, Clytie Siddall; closes: #481876).Colin Watson
2008-05-19Update Bulgarian (thanks, Damyan Ivanov; closes: #481870).Colin Watson
2008-05-19Update Basque (thanks, Piarres Beobide; closes: #481836).Colin Watson
2008-05-18sync changelog credit with Last-TranslatorColin Watson
2008-05-18Update Portuguese (thanks, Rui Branco; closes: #481781).Colin Watson
2008-05-18Update German (thanks, Helge Kreutzmann; closes: #481676).Colin Watson
2008-05-17Update Czech (thanks, Miroslav Kure; closes: #481624).Colin Watson
2008-05-17Update Japanese (thanks, Kenshi Muto; closes: #481621).Colin Watson
2008-05-17Update Galician (thanks, Jacobo Tarrio; closes: #481596).Colin Watson
2008-05-17Update Norwegian Bokmål (thanks, Bjørn Steensrud; closes: #481591).Colin Watson
2008-05-17Update French (thanks, Christian Perrier; closes: #481576).Colin Watson
2008-05-17Check RSA1 keys without the need for a separate blacklist. Thanks toColin Watson
Simon Tatham for the idea.
2008-05-17debconf-updatepoColin Watson
2008-05-17Fix typo in ssh/vulnerable_host_keys message (thanks, Esko Arajärvi).Colin Watson
2008-05-14releasing version 1:4.7p1-10Colin Watson
2008-05-14clarifyColin Watson
2008-05-14ssh-vulnkey handles options in authorized_keys (LP: #230029).Colin Watson
2008-05-14Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel).Colin Watson
2008-05-13releasing version 1:4.7p1-9Colin Watson
2008-05-13add CVE identifier for OpenSSL vulnerabilityColin Watson
2008-05-12* Mitigate OpenSSL security vulnerability:Colin Watson
- Add key blacklisting support. Keys listed in /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by sshd, unless "PermitBlacklistedKeys yes" is set in /etc/ssh/sshd_config. - Add a new program, ssh-vulnkey, which can be used to check keys against these blacklists. - Depend on openssh-blacklist. - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least 0.9.8g-9. - Automatically regenerate known-compromised host keys, with a critical-priority debconf note. (I regret that there was no time to gather translations.)
2008-04-09Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-8.Colin Watson
- CVE-2008-1657: Ignore ~/.ssh/rc if a sshd_config ForceCommand is specified.
2008-04-06releasing version 1:4.7p1-8Colin Watson
2008-04-06urgency=high for security fixesColin Watson
2008-04-06Backport from Simon Wilkinson's GSSAPI key exchange patch for 5.0p1:Colin Watson
- Add code to actually implement GSSAPIStrictAcceptorCheck, which had somehow been omitted from a previous version of this patch (closes: #474246).
2008-04-06typoColin Watson
2008-04-06Backport from 4.9p1:Colin Watson
- Ignore ~/.ssh/rc if a sshd_config ForcedCommand is specified (see http://www.securityfocus.com/bid/28531/info). - Add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc.
2008-04-04Tweak scp's reporting of filenames in verbose mode to be a bit lessColin Watson
confusing with spaces (thanks, Nicolas Valcárcel; LP: #89945).
2008-04-04Rename KeepAlive to TCPKeepAlive in sshd_config, cleaning up from oldColin Watson
configurations (LP: #211400).