[Bug 230696] Re: Missing blacklist.RSA-1024
Can you please make openssh-blacklist-extra an Ubuntu package (including for 6.06 LTS)? -- Missing blacklist.RSA-1024 https://bugs.launchpad.net/bugs/230696 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 230696] Re: Missing blacklist.RSA-1024
@Rolf: please try to be civil. It is actually the Ubuntu security team's work that is published in Debian. blacklist.RSA-1024 is a non-standard key size, and as such was intentionally not included in the security update. If you want to use the "-extra" blacklist package yourself, you can easily install them from Debian: ftp://ftp.debian.org/debian/pool/main/o/openssh-blacklist/openssh-blacklist-extra_0.3_all.deb ** Changed in: openssh-blacklist (Ubuntu) Assignee: (unassigned) => Kees Cook (keescook) Status: Confirmed => Won't Fix -- Missing blacklist.RSA-1024 https://bugs.launchpad.net/bugs/230696 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 230696] Re: Missing blacklist.RSA-1024
Is the Ubuntu security team getting off their a** anytime soon? Come on guys, this is no joke! Plus, the fix is trivial and already in Debian. -- Missing blacklist.RSA-1024 https://bugs.launchpad.net/bugs/230696 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 230696] Re: Missing blacklist.RSA-1024
Debian has a openssh-blacklist-extra package that includes this blacklist file and a few others: http://packages.debian.org/sid/openssh-blacklist-extra The download links are broken, but you can download the deb from http://http.us.debian.org/debian/pool/main/o/openssh-blacklist/openssh-blacklist-extra_0.3_all.deb (installs fine on Ubuntu systems). Someone also put together a package with an even more extensive list http://staff.cesnet.cz/~semik/openssh-blacklist/ Anyway, I agree that the RSA-1024 blacklist (at least) should be part of the standard package, and I like the Debian idea of having an even more extensive list for people with unusual key sizes! In the meantime the packages linked above did the job for me! -- Missing blacklist.RSA-1024 https://bugs.launchpad.net/bugs/230696 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 230696] Re: Missing blacklist.RSA-1024
raised importance and cc'ed ubuntu-security ** Changed in: openssh-blacklist (Ubuntu) Importance: Undecided => Critical -- Missing blacklist.RSA-1024 https://bugs.launchpad.net/bugs/230696 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 230696] Re: Missing blacklist.RSA-1024
Same here (Gutsy fully updated on Fri May 16 07:44:44 UTC 2008). This is an emergency. Please upgrade importance. ** Changed in: openssh-blacklist (Ubuntu) Status: New => Confirmed -- Missing blacklist.RSA-1024 https://bugs.launchpad.net/bugs/230696 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs