Hi Moritz,

> > > From the upstream changelog for 2.7.1+dfsg-1 (already in unstable):
> > [..]
> > >  - user module - do not pass ssh_key_passphrase on cmdline
> > >    (CVE-2018-16837)
[…]
> We can fix that one in a DSA, but should also fix CVE-2018-10875
> and CVE-2018-10874, then.

Cool. I will therefore leave this with the stable security team for now
but will handle CVE-2018-16837 in jessie LTS.

Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-