[Bug 1313865] Re: Need to update 6.6p1 to 6.6.1p1

Robie Basak 1313865 at bugs.launchpad.net
Wed Apr 30 11:09:20 UTC 2014 

*** This bug is a duplicate of bug 1310781 ***
    https://bugs.launchpad.net/bugs/1310781

Thank you for taking the time to report this bug and helping to make
Ubuntu better.

> Debian has updated sid to 6.6.1p1, and that should copy over to jessie
soon.

I only see 1:6.6p1-4, but this does include:

  * Apply upstream-recommended patch to fix bignum encoding for
    curve25519-sha256 at libssh.org, fixing occasional key exchange failures.

If this is the patch for which you filed this bug, then we should rename
this bug accordingly, since as far as I can tell 6.6.1p1 hasn't been
released yet, and this is confusing. It sounds like the patch itself can
be cherry-picked to Trusty.

I see 1:6.6p1-4 in utopic-proposed, so the fix should hit Utopic soon.

I see a patch here, which we can cherry-pick to Trusty:
http://sources.debian.net/src/openssh/1:6.6p1-4/debian/patches/curve25519-sha256
-bignum-encoding.patch

** Summary changed:

- Need to update 6.6p1 to 6.6.1p1
+ Bad bignum encoding for curve25519-sha256 at libssh.org

** Changed in: openssh (Ubuntu)
       Status: New => Triaged

** Changed in: openssh (Ubuntu)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1313865

Title:
  Bad bignum encoding for curve25519-sha256 at libssh.org

Status in “openssh” package in Ubuntu:
  Triaged

Bug description:
  A patch for 6.6p1 was posted on the openssh list fixing a bug in the
  25519 negotiation and changing the reported version to 6.6.1p1.

  Future versions of openssh, version 6.6.1p1 itself, and other ssh
  software, such as libssh, will refuse to speak 25519 to anything which
  identifies itself as openssh 6.6p1or 6.5p1.

  The patch was posted for the express purpose of providing an easy
  update for 6.6p1 to avoid this bug.

  Debian has updated sid to 6.6.1p1, and that should copy over to jessie
  soon.  You can see their git for the details.

  Both utopic and trusty should get this update quickly.  And in trusty
  itself, not just -updates or -backports; notwithstanding the edit to
  the reported version it is a bug fix for 6.6p1.

  Any backports or updates repos which have 6.6p1 also should get the
  update to 6.6.1p1.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1313865/+subscriptions

More information about the foundations-bugs mailing list