Hi OpenSSH Maintainers and LTS team I have prepared an update for wheezy now.
You can find the debdiff here: http://apt.inguza.net/wheezy-security/openssh/openssh.debdiff And the prepared package here: http://apt.inguza.net/wheezy-security/openssh/ I have regression tested the package by installing it and checked that I can still log in (using password, not key). I also reproduced the problem by entering a very long password (> 1024 characters) and I was denied. Whether that was because it did not calculate the hash or not is hard to tell. I was not allowed to enter such a long password by passwd command. I will upload the correction in four days (that is on Friday) unless anyone objects. Best regards // Ola On Tue, Aug 9, 2016 at 7:07 AM, Guido Günther <a...@sigxcpu.org> wrote: > Hello dear maintainer(s), > > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of openssh: > https://security-tracker.debian.org/tracker/CVE-2016-6515 > > Would you like to take care of this yourself? > > If yes, please follow the workflow we have defined here: > https://wiki.debian.org/LTS/Development > > If that workflow is a burden to you, feel free to just prepare an > updated source package and send it to debian-lts@lists.debian.org > (via a debdiff, or with an URL pointing to the source package, > or even with a pointer to your packaging repository), and the members > of the LTS team will take care of the rest. Indicate clearly whether you > have tested the updated package or not. > > If you don't want to take care of this update, it's not a problem, we > will do our best with your package. Just let us know whether you would > like to review and/or test the updated package before it gets released. > > Thank you very much. > > Guido Günther, > on behalf of the Debian LTS team. > > PS: A member of the LTS team might start working on this update at > any point in time. You can verify whether someone is registered > on this update in this file: > https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup > -- --- Inguza Technology AB --- MSc in Information Technology ---- / o...@inguza.com Folkebogatan 26 \ | o...@debian.org 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
