Comment 8 for bug 162171

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:4.3p2-8ubuntu1.1

---------------
openssh (1:4.3p2-8ubuntu1.1) feisty-security; urgency=low

  * SECURITY UPDATE: trusted cookie leak when untrusted cookie cannot be
    generated.
  * clientloop.c: Applied patch according to openssh upstream (LP: #162171),
    thanks to Stephan Hermann.
  * References:
    CVE-2007-4752
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444738
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/clientloop.c.diff?r1=1.180&r2=1.181

 -- Kees Cook <email address hidden> Wed, 09 Jan 2008 12:39:28 -0800