Hi Moritz, > > > From the upstream changelog for 2.7.1+dfsg-1 (already in unstable): > > [..] > > > - user module - do not pass ssh_key_passphrase on cmdline > > > (CVE-2018-16837) […] > We can fix that one in a DSA, but should also fix CVE-2018-10875 > and CVE-2018-10874, then.
Cool. I will therefore leave this with the stable security team for
now but will handle CVE-2018-16837 in jessie LTS.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
