Your message dated Tue, 23 Sep 2003 17:07:29 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#212463: pam security problem in OpenSSH again?
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 23 Sep 2003 21:00:22 +0000
Date: Tue, 23 Sep 2003 17:00:07 -0400
From: Brian Ristuccia <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: pam security problem in OpenSSH again?

Package: ssh
Version: 1:3.4p1-1.woody.3
Serverity: grave

Looks like there's some serious security problem in the PAM implementation.
There have been a lot of changes in this area after 1.3.6, so it's not clear if
the version Debian is distributing is affected. Someone, either the
security team or the package maintainer, should have a look.

http://www.securityfocus.com/archive/121/338616
http://www.securityfocus.com/archive/121/338617

-- 
Brian Ristuccia
[EMAIL PROTECTED]
[EMAIL PROTECTED]

---------------------------------------
Received: (at 212463-done) by bugs.debian.org; 23 Sep 2003 21:08:06 +0000
Date: Tue, 23 Sep 2003 17:07:29 -0400
From: Matt Zimmerman <[EMAIL PROTECTED]>
To: Brian Ristuccia <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: Bug#212463: pam security problem in OpenSSH again?

On Tue, Sep 23, 2003 at 05:00:07PM -0400, Brian Ristuccia wrote:

> Looks like there's some serious security problem in the PAM implementation.
> There have been a lot of changes in this area after 1.3.6, so it's not clear if
> the version Debian is distributing is affected. Someone, either the
> security team or the package maintainer, should have a look.
> 
> http://www.securityfocus.com/archive/121/338616
> http://www.securityfocus.com/archive/121/338617

Doesn't affect Debian at all; stable, testing or unstable.

-- 
 - mdz
