Your message dated Thu, 03 Jan 2019 21:47:16 +0000
with message-id <[email protected]>
and subject line Bug#913870: fixed in libssh 0.7.3-2+deb9u2
has caused the Debian Bug report #913870,
regarding Recent security update broke server-side keyboard-interactive authentication
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
913870: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913870
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libssh-4
Version: 0.7.3-2+deb9u1
Severity: important
Tags: patch

Hello,

0.8.4 and the backported fixes for CVE-2018-10933 cause server-side
keyboard-interactive authentication to completely break. See
https://bugs.libssh.org/T117 for details and a reproducer.

This was fixed upstream as part of the 0.8.5 release, so unstable/testing
should be updated to that (see https://bugs.debian.org/913242).
For stable, please backport the fix:

  https://git.libssh.org/projects/libssh.git/commit/?id=4ea46eecce9f4

Thanks,

Martin



--- End Message ---
--- Begin Message ---
Source: libssh
Source-Version: 0.7.3-2+deb9u2

We believe that the bug you reported is fixed in the latest version of
libssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated libssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 31 Dec 2018 14:47:15 +0100
Source: libssh
Binary: libssh-4 libssh-gcrypt-4 libssh-dev libssh-gcrypt-dev libssh-doc
Architecture: source
Version: 0.7.3-2+deb9u2
Distribution: stretch
Urgency: medium
Maintainer: Laurent Bigonville <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 913870
Description: 
 libssh-4   - tiny C SSH library (OpenSSL flavor)
 libssh-dev - tiny C SSH library. Development files (OpenSSL flavor)
 libssh-doc - tiny C SSH library. Documentation files
 libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor)
 libssh-gcrypt-dev - tiny C SSH library. Development files (gcrypt flavor)
Changes:
 libssh (0.7.3-2+deb9u2) stretch; urgency=medium
 .
   * Non-maintainer upload.
   * Fix broken server-side keyboard-interactive authentication.
     Thanks to Martin Pitt (Closes: #913870)
Checksums-Sha1: 
 caf33f5b4ff8d63f2e5eb14ed41e86dfd81a8908 2463 libssh_0.7.3-2+deb9u2.dsc
 a35a80198f6a61c9531a90db7167de6cf764b5be 25428 libssh_0.7.3-2+deb9u2.debian.tar.xz
Checksums-Sha256: 
 3f145b85528f349028ffbb1b9755f117a3072e74513de13b107f6d3e47f637f4 2463 libssh_0.7.3-2+deb9u2.dsc
 80d2164b969415b9c81adee7195799f87c32bc35454049f255cfc0e055e7b2c9 25428 libssh_0.7.3-2+deb9u2.debian.tar.xz
Files: 
 d99e0f1b4bb825126c10ec4fd4dcb2ae 2463 libs optional libssh_0.7.3-2+deb9u2.dsc
 fc5c81c7f951db92ef883f030127cd1f 25428 libs optional libssh_0.7.3-2+deb9u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
