Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 27 Jan 2012 11:40:47 +0100
From: Yves-Alexis Perez <>
Subject: Re: CVE Request: Debian (others?) openssh-server:
 Forced Command handling leaks private information to ssh clients

On jeu., 2012-01-26 at 19:49 -0500, Marc Deslauriers wrote:
> > Please use CVE-2012-0814 for this issue. Also please let me know if
> > other Linux distributions are affected!
> > 
> > 
> Looks like this (I haven't tried...):

By the way, is the ForceCommand (and other directives) really supposed
to be private for different keys (or, more widely, for different matches
for the same user).


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ