summaryrefslogtreecommitdiff
path: root/debian
AgeCommit message (Collapse)Author
2008-05-21Recommend openssh-blacklist-extra from openssh-client andColin Watson
openssh-server.
2008-05-21Recommend openssh-blacklist from openssh-client.Colin Watson
2008-05-20Generate two keys with the PID forced to the same value and test thatColin Watson
they differ, to defend against recurrences of the recent Debian OpenSSL vulnerability.
2008-05-19Update Vietnamese (thanks, Clytie Siddall; closes: #481876).Colin Watson
2008-05-19Update Bulgarian (thanks, Damyan Ivanov; closes: #481870).Colin Watson
2008-05-19Update Basque (thanks, Piarres Beobide; closes: #481836).Colin Watson
2008-05-18sync changelog credit with Last-TranslatorColin Watson
2008-05-18Update Portuguese (thanks, Rui Branco; closes: #481781).Colin Watson
2008-05-18Update German (thanks, Helge Kreutzmann; closes: #481676).Colin Watson
2008-05-17Update Czech (thanks, Miroslav Kure; closes: #481624).Colin Watson
2008-05-17update Finnish againColin Watson
2008-05-17Update Japanese (thanks, Kenshi Muto; closes: #481621).Colin Watson
2008-05-17Update Galician (thanks, Jacobo Tarrio; closes: #481596).Colin Watson
2008-05-17Update Norwegian Bokmål (thanks, Bjørn Steensrud; closes: #481591).Colin Watson
2008-05-17Update French (thanks, Christian Perrier; closes: #481576).Colin Watson
2008-05-17Check RSA1 keys without the need for a separate blacklist. Thanks toColin Watson
Simon Tatham for the idea.
2008-05-17update Finnish translationColin Watson
2008-05-17debconf-updatepoColin Watson
2008-05-17${HOST_KEYS} not translatableColin Watson
2008-05-17Fix typo in ssh/vulnerable_host_keys message (thanks, Esko Arajärvi).Colin Watson
2008-05-14releasing version 1:4.7p1-10Colin Watson
2008-05-14clarifyColin Watson
2008-05-14ssh-vulnkey handles options in authorized_keys (LP: #230029).Colin Watson
2008-05-14ignore debian/*.debhelper.logColin Watson
2008-05-14Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel).Colin Watson
2008-05-13releasing version 1:4.7p1-9Colin Watson
2008-05-13changed ssh-vulnkey outputColin Watson
2008-05-13update from mdzColin Watson
2008-05-13compressionColin Watson
2008-05-13add repair instructions from MattColin Watson
2008-05-13add CVE identifier for OpenSSL vulnerabilityColin Watson
2008-05-12* Mitigate OpenSSL security vulnerability:Colin Watson
- Add key blacklisting support. Keys listed in /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by sshd, unless "PermitBlacklistedKeys yes" is set in /etc/ssh/sshd_config. - Add a new program, ssh-vulnkey, which can be used to check keys against these blacklists. - Depend on openssh-blacklist. - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least 0.9.8g-9. - Automatically regenerate known-compromised host keys, with a critical-priority debconf note. (I regret that there was no time to gather translations.)
2008-04-09Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-8.Colin Watson
- CVE-2008-1657: Ignore ~/.ssh/rc if a sshd_config ForceCommand is specified.
2008-04-06releasing version 1:4.7p1-8Colin Watson
2008-04-06urgency=high for security fixesColin Watson
2008-04-06Backport from Simon Wilkinson's GSSAPI key exchange patch for 5.0p1:Colin Watson
- Add code to actually implement GSSAPIStrictAcceptorCheck, which had somehow been omitted from a previous version of this patch (closes: #474246).
2008-04-06typoColin Watson
2008-04-06Backport from 4.9p1:Colin Watson
- Ignore ~/.ssh/rc if a sshd_config ForcedCommand is specified (see http://www.securityfocus.com/bid/28531/info). - Add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc.
2008-04-04Tweak scp's reporting of filenames in verbose mode to be a bit lessColin Watson
confusing with spaces (thanks, Nicolas Valcárcel; LP: #89945).
2008-04-04Rename KeepAlive to TCPKeepAlive in sshd_config, cleaning up from oldColin Watson
configurations (LP: #211400).
2008-04-01Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-5.Colin Watson
- CVE-2008-1483: Don't use X11 forwarding port which can't be bound on all address families, preventing hijacking of X11 forwarding by
2008-03-31releasing version 1:4.7p1-7Colin Watson
2008-03-31Ignore errors writing to oom_adj (closes: #473573).Colin Watson
2008-03-30releasing version 1:4.7p1-6Colin Watson
2008-03-30* Disable the Linux kernel's OOM-killer for the sshd parent; tweakColin Watson
SSHD_OOM_ADJUST in /etc/default/ssh to change this (closes: #341767).
2008-03-22releasing version 1:4.7p1-5Colin Watson
2008-03-22* Use printf rather than echo -en (a bashism) in openssh-server.config andColin Watson
openssh-server.preinst.
2008-03-22more detail on #463011Colin Watson
2008-03-22* Patch from Red Hat / Fedora:Colin Watson
- Don't use X11 forwarding port which can't be bound on all address families (closes: #463011).
2008-03-18* Document in ssh(1) that '-S none' disables connection sharingColin Watson
(closes: #471437).