Colin Watson cjwatson at ubuntu.com
Mon Oct 31 06:55:03 CST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 31 Oct 2005 07:46:44 -0500
Source: openssh
Binary: ssh-askpass-gnome openssh-client-udeb ssh openssh-server openssh-client openssh-server-udeb
Architecture: source
Version: 1:4.2p1-5ubuntu1
Distribution: dapper
Urgency: low
Maintainer: Matthew Vernon <matthew at debian.org>
Changed-By: Colin Watson <cjwatson at ubuntu.com>
Description: 
 openssh-client - Secure shell client, an rlogin/rsh/rcp replacement
 openssh-client-udeb - Secure shell client for the Debian installer
 openssh-server - Secure shell server, an rshd replacement
 openssh-server-udeb - Secure shell server for the Debian installer
 ssh        - Secure shell client and server (transitional package)
 ssh-askpass-gnome - under X, asks user for a passphrase for ssh-add
Closes: 152657 181162 208648 275472 320104 324695 326065 328372 328388 328606
Changes: 
 openssh (1:4.2p1-5ubuntu1) dapper; urgency=low
 .
   * Resynchronise with Debian.
 .
 openssh (1:4.2p1-5) unstable; urgency=low
 .
   * Add a CVE name to the 1:4.0p1-1 changelog entry.
   * Build-depend on libselinux1-dev on armeb.
   * Only send GSSAPI proposal if GSSAPIAuthentication is enabled.
   * Build-depend on libssl-dev (>= 0.9.8-1) to cope with surprise OpenSSL
     transition, since otherwise who knows what the buildds will do. If
     you're building openssh yourself, you can safely ignore this and use an
     older libssl-dev.
 .
 openssh (1:4.2p1-4) unstable; urgency=low
 .
   * Initialise token to GSS_C_EMPTY_BUFFER in ssh_gssapi_check_mechanism
     (closes: #328606).
 .
 openssh (1:4.2p1-3) unstable; urgency=low
 .
   * Add prototype for ssh_gssapi_server_mechanisms (closes: #328372).
   * Interoperate with ssh-krb5 << 3.8.1p1-1 servers, which used a slightly
     different version of the gssapi authentication method (thanks, Aaron M.
     Ucko; closes: #328388).
   * Explicitly tell po2debconf to use the 'popular' output encoding, so that
     the woody-compatibility hack works even with po-debconf 0.9.0.
 .
 openssh (1:4.2p1-2) unstable; urgency=low
 .
   * Annotate 1:4.2p1-1 changelog with CVE references.
   * Add remaining pieces of Kerberos support (closes: #152657, #275472):
     - Add GSSAPI key exchange support from
       http://www.sxw.org.uk/computing/patches/openssh.html (thanks, Stephen
       Frost).
     - Build-depend on libkrb5-dev and configure --with-kerberos5=/usr.
     - openssh-client and openssh-server replace ssh-krb5.
     - Update commented-out Kerberos/GSSAPI options in default sshd_config.
     - Fix HAVE_GSSAPI_KRB5_H/HAVE_GSSAPI_GSSAPI_KRB5_H typos in
       gss-serv-krb5.c.
 .
 openssh (1:4.2p1-1) unstable; urgency=low
 .
   * New upstream release.
     - SECURITY (CAN-2005-2797): Fix a bug introduced in OpenSSH 4.0 that
       caused GatewayPorts to be incorrectly activated for dynamic ("-D")
       port forwardings when no listen address was explicitly specified
       (closes: #326065).
     - SECURITY (CAN-2005-2798): Fix improper delegation of GSSAPI
       credentials. This code is only built in openssh-krb5, not openssh, but
       I mention the CVE reference here anyway for completeness.
     - Add a new compression method ("Compression delayed") that delays zlib
       compression until after authentication, eliminating the risk of zlib
       vulnerabilities being exploited by unauthenticated users. Note that
       users of OpenSSH versions earlier than 3.5 will need to disable
       compression on the client or set "Compression yes" (losing this
       security benefit) on the server.
     - Increase the default size of new RSA/DSA keys generated by ssh-keygen
       from 1024 to 2048 bits (closes: #181162).
     - Many bugfixes and improvements to connection multiplexing.
     - Don't pretend to accept $HOME (closes: #208648).
   * debian/rules: Resynchronise CFLAGS with that generated by configure.
   * openssh-client and openssh-server conflict with pre-split ssh to avoid
     problems when ssh is left un-upgraded (closes: #324695).
   * Set X11Forwarding to yes in the default sshd_config (new installs only).
     At least when X11UseLocalhost is turned on, which is the default, the
     security risks of using X11 forwarding are risks to the client, not to
     the server (closes: #320104).
Files: 
 7625d880039a8b6e083c9e61f2cfce4f 999 net standard openssh_4.2p1-5ubuntu1.dsc
 93295701e6bcd76fabd6a271654ed15c 928420 net standard openssh_4.2p1.orig.tar.gz
 4fca5b9ea030769e62de1cff32ec70af 164313 net standard openssh_4.2p1-5ubuntu1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDZhKP9t0zAhD6TNERAssVAJ9tVs3Um23MWJCmshVD464fSbiV3ACeLdQi
DPdr/MK+y0Abc0tO6ItPEp0=
=Oz/a
-----END PGP SIGNATURE-----


Accepted:
openssh_4.2p1-5ubuntu1.diff.gz
  to pool/main/o/openssh/openssh_4.2p1-5ubuntu1.diff.gz
openssh_4.2p1-5ubuntu1.dsc
  to pool/main/o/openssh/openssh_4.2p1-5ubuntu1.dsc
openssh_4.2p1.orig.tar.gz
  to pool/main/o/openssh/openssh_4.2p1.orig.tar.gz



