Bug#661150: dropbear: CVE-2012-0920 SSH server use-after-free vulnerability]

2012-02-24 Thread Nico Golde
Source: dropbear Severity: grave Tags: security patch Hey, below is a forwarded report describing a vulnerability in dropbear. Cheers Nico - Forwarded message from Danny Fullerton - Dropbear SSH server use-after-free vulnerability Impact: A remote authenticated user can execute arbitra

Bug#661150: dropbear: CVE-2012-0920 SSH server use-after-free vulnerability]

2012-02-27 Thread Nico Golde
Hi, * Gerrit Pape [2012-02-27 15:48]: > On Fri, Feb 24, 2012 at 03:54:34PM +0100, Nico Golde wrote: > > Source: dropbear > > Severity: grave > > Tags: security patch > > > > Hey, > > below is a forwarded report describing a vulnerability in dropbear. > > Accoring to upstream's changelog, this al

Bug#661150: dropbear: CVE-2012-0920 SSH server use-after-free vulnerability]

2012-02-28 Thread Florian Weimer
* Gerrit Pape: > For stable, I backported the fix to 0.52, swiftly checked with upstream > (thx Matt), and prepared theses changes (debdiff attached): Thanks. Please build with -sa and upload to security-master. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subje

Bug#661150: dropbear: CVE-2012-0920 SSH server use-after-free vulnerability]

2012-02-29 Thread Gerrit Pape
On Fri, Feb 24, 2012 at 03:54:34PM +0100, Nico Golde wrote: > Source: dropbear > Severity: grave > Tags: security patch > > Hey, > below is a forwarded report describing a vulnerability in dropbear. Hi Nico, the upload to unstable is on the way. Accoring to upstream's changelog, this also affect

Bug#661150: dropbear: CVE-2012-0920 SSH server use-after-free vulnerability]

2012-02-29 Thread Gerrit Pape
On Mon, Feb 27, 2012 at 03:54:11PM +0100, Nico Golde wrote: > * Gerrit Pape [2012-02-27 15:48]: > > Accoring to upstream's changelog, this also affects squeeze. Are you > > already working on that, or shall I prepare an upload to stable? > > If you have the time to prepare stable updates that wo

Bug#661150: dropbear: CVE-2012-0920 SSH server use-after-free vulnerability

2012-04-06 Thread lbft
The fix for this bug never made its way through to squeeze. It still has the vulnerable 0.52-5 version rather than the fixed 0.52-5+squeeze1 version. Could someone please have a look? Thank you! Luke -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "u

Bug#661150: dropbear: CVE-2012-0920 SSH server use-after-free vulnerability]

2012-04-23 Thread Gerrit Pape
Hi Team, do you have any news on this pending security fix? If I can be of any help, please don't hesitate to ask. Regards, Gerrit. On Tue, Feb 28, 2012 at 10:13:07AM +, Gerrit Pape wrote: > On Mon, Feb 27, 2012 at 03:54:11PM +0100, Nico Golde wrote: > > * Gerrit Pape [2012-02-27 15:48]:

Bug#661150: dropbear: CVE-2012-0920 SSH server use-after-free vulnerability]

2012-04-23 Thread Moritz Mühlenhoff
On Mon, Apr 23, 2012 at 09:58:33AM +, Gerrit Pape wrote: > Hi Team, > > do you have any news on this pending security fix? If I can be of any > help, please don't hesitate to ask. Sorry for the delay. I've just released the DSA. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-