Comment 7 for bug 162171

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:4.6p1-5ubuntu0.1

---------------
openssh (1:4.6p1-5ubuntu0.1) gutsy-security; urgency=low

  * SECURITY UPDATE: trusted cookie leak when untrusted cookie cannot be
    generated.
  * debian/control: Updated Maintainer Field to follow Ubuntu Maintainer Policy
  * clientloop.c: Applied patch according to openssh upstream (LP: #162171),
    thanks to Stephan Hermann.
  * References:
    CVE-2007-4752
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444738
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/clientloop.c.diff?r1=1.180&r2=1.181

 -- Kees Cook <email address hidden> Wed, 09 Jan 2008 12:37:26 -0800