openssh: CVE-2015-5352: XSECURITY restrictions bypass under certain conditions in ssh

Debian Bug report logs - #790798
openssh: CVE-2015-5352: XSECURITY restrictions bypass under certain conditions in ssh

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <mmuhlenhoff@wikimedia.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVE-2015-5352

Date: Wed, 01 Jul 2015 21:31:37 +0200

Source: openssh
Severity: important
Tags: security

Hi Colin,
CVE-2015-5352 was assigned to this change from 6.9:

>  * ssh(1): when forwarding X11 connections with ForwardX11Trusted=no,
>    connections made after ForwardX11Timeout expired could be permitted
>    and no longer subject to XSECURITY restrictions because of an
>    ineffective timeout check in ssh(1) coupled with "fail open"
>    behaviour in the X11 server when clients attempted connections with
>    expired credentials. This problem was reported by Jann Horn.

Fix:
https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d

I don't think this warrants a DSA, we can line up the fix for a future
DSA or a jessie point update. Or do yo disagree?

Cheers,
        Moritz

Message #20 received at 790798@bugs.debian.org (full text, mbox, reply):

From: Aníbal Monsalve Salazar <anibal@debian.org>

To: 790798@bugs.debian.org

Subject: Re: CVE-2015-5352

Date: Thu, 9 Jul 2015 23:55:24 +1000

On Wed, 2015-07-01 21:31:37 +0200, Moritz Muehlenhoff wrote:
> Hi Colin,
> CVE-2015-5352 was assigned to this change from 6.9:
>
>>  * ssh(1): when forwarding X11 connections with ForwardX11Trusted=no,
>>    connections made after ForwardX11Timeout expired could be permitted
>>    and no longer subject to XSECURITY restrictions because of an
>>    ineffective timeout check in ssh(1) coupled with "fail open"
>>    behaviour in the X11 server when clients attempted connections with
>>    expired credentials. This problem was reported by Jann Horn.
>
> Fix:
> https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d

More information about CVE-2015-5352 is available at:
https://thejh.net/written-stuff/openssh-6.8-xsecurity

> I don't think this warrants a DSA, we can line up the fix for a future
> DSA or a jessie point update. Or do yo disagree?
>
> Cheers,
>         Moritz

Message #25 received at 790798-close@bugs.debian.org (full text, mbox, reply):

From: Mike Gabriel <sunweaver@debian.org>

To: 790798-close@bugs.debian.org

Subject: Bug#790798: fixed in openssh 1:5.5p1-6+squeeze6

Date: Fri, 07 Aug 2015 11:26:29 +0000

Source: openssh
Source-Version: 1:5.5p1-6+squeeze6

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 790798@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunweaver@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 07 Aug 2015 09:15:26 +0200
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source amd64 all
Version: 1:5.5p1-6+squeeze6
Distribution: squeeze-lts
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Description: 
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 790798 793616
Changes: 
 openssh (1:5.5p1-6+squeeze6) squeeze-lts; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * CVE-2015-5352: Reject X11 connections after hard-coded Xauth cookie
     expiration time of 1200 seconds. (Closes: #790798).
   * CVE-2015-5600: Only query each keyboard-interactive device once per
     authentication request regardless of how many times it is listed.
     (Closes: #793616).
Checksums-Sha1: 
 7c3eda44c859068680bf7b6ef2e4bf8a3e5ea75d 2484 openssh_5.5p1-6+squeeze6.dsc
 d28228495c31d51b5e9df3f437edcf82ca0f78bd 240919 openssh_5.5p1-6+squeeze6.debian.tar.gz
 1d3524b56f32679908d3417e0b40bdf0c2a585a0 937402 openssh-client_5.5p1-6+squeeze6_amd64.deb
 649222bdad5ac22085a9d731eed2c1259daebe80 318966 openssh-server_5.5p1-6+squeeze6_amd64.deb
 0ace9e62fdd12a078cc9685be97c5864e787d946 1242 ssh_5.5p1-6+squeeze6_all.deb
 87a319dc2920cca6c0a3e034f90fd1c2e6aa05b6 96128 ssh-krb5_5.5p1-6+squeeze6_all.deb
 bebe17b45bd6c66963d9b14400abc3e268d168f3 104400 ssh-askpass-gnome_5.5p1-6+squeeze6_amd64.deb
 0b607113191eea5604a230f9d142cc5744c95e0b 216160 openssh-client-udeb_5.5p1-6+squeeze6_amd64.udeb
 34680b2c5de2667f3815c18a31f25f0c1ed44c76 244352 openssh-server-udeb_5.5p1-6+squeeze6_amd64.udeb
Checksums-Sha256: 
 b03fb19b28b0617a812853ee604bb1847831387c2c670e3d314d95f0f466e211 2484 openssh_5.5p1-6+squeeze6.dsc
 6f2f09204c6bccbdfa1b96620829e640767846e34b6d66b32e3ab74eb1f6de85 240919 openssh_5.5p1-6+squeeze6.debian.tar.gz
 6ad6f1d9c55b1349c89351bb2c864d4a46704bd66c90f25d8785a7a1813155e6 937402 openssh-client_5.5p1-6+squeeze6_amd64.deb
 6952c2932e580b4d8224a41c71389068d2424581c9e0209e564f4d0558903084 318966 openssh-server_5.5p1-6+squeeze6_amd64.deb
 bc21415749c6523ac8629f2ab3338fc2de3b0eabb167813cde152f7e6a072579 1242 ssh_5.5p1-6+squeeze6_all.deb
 cd0f6107afd7bc6fdc8071a9e1c9eab327ee449ce4592f279986092c73bc1817 96128 ssh-krb5_5.5p1-6+squeeze6_all.deb
 143f9e6d975f7f5c4d0a5695e249d2ef13ec7ebf3b436c53b9ff193e0488a34a 104400 ssh-askpass-gnome_5.5p1-6+squeeze6_amd64.deb
 2b6e32f6c405576cedc0d6f557a25f68819b06b794a217b8cb4710b408acedce 216160 openssh-client-udeb_5.5p1-6+squeeze6_amd64.udeb
 72c7f6896e9b8e00bfd91a52a65d3025265ccf48555ea08663e84912db9c6862 244352 openssh-server-udeb_5.5p1-6+squeeze6_amd64.udeb
Files: 
 1ebbec643f9764dc35a32ea247d8c56b 2484 net standard openssh_5.5p1-6+squeeze6.dsc
 f09cae348b7af2d232864c743428e2d9 240919 net standard openssh_5.5p1-6+squeeze6.debian.tar.gz
 64d91d77c255088d803f12a7fd9829b0 937402 net standard openssh-client_5.5p1-6+squeeze6_amd64.deb
 03ce1fddb818c41e1707c34779227e14 318966 net optional openssh-server_5.5p1-6+squeeze6_amd64.deb
 ad0a798fad7d08ab1ad6c195a613e975 1242 net extra ssh_5.5p1-6+squeeze6_all.deb
 3d76ea1764032ab5d836cd9f347c09aa 96128 net extra ssh-krb5_5.5p1-6+squeeze6_all.deb
 de70b17a69694f1da1bef9ea1b6f8588 104400 gnome optional ssh-askpass-gnome_5.5p1-6+squeeze6_amd64.deb
 a7854c2a53a98e44e2ae654aaa18ff50 216160 debian-installer optional openssh-client-udeb_5.5p1-6+squeeze6_amd64.udeb
 043d9455d0628d8c2e60750e0507bc67 244352 debian-installer optional openssh-server-udeb_5.5p1-6+squeeze6_amd64.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJVxIUQAAoJEJr0azAldxsxLscQALdPD8vwC8SyIU1Y8z0lSjKy
DHRZYNuSaTaDyraZaa5wFfKLvVHChYmF7Tr3bwRroavYbCRvznCrv55q/xBEROng
6CMrkuAwVBQvVT9BQGh6SFjrVkIIX5jaoKY7Kw1rGuohYTV23pNYuUiuL3rWnH6R
ApS2TJckbQXjAMHvrbJkyipP6y3KcgHpKU6IEND5pTxzIM2hNTDNKKyuOyRymgaD
4gxJoRL7XltTeewevUsu70bOXPnaYOkSL+gNIj8tB5z55MDS8cxqwmU9tP0rTNOP
gLr1XOWeQr2FB9PUPvOz7kk1O3gsZaHgWDEt6L9kGAV5ePszdyc2xq9D4kHUkgkQ
HnAFhuWza55+wZRO06WH7NUfCxtnQrW/Jff+PgOYSE1LBCnUtea6pRLWULNtGhKB
QH64rD93FJoxcTtsOYjmJrTi6XDC+ij16R6vNbu7tYh683Es0Fr4zxrdPQxU0mmo
bGjZ+QVdavkaVAXwNlFplHwHOpFRKiDRZLir/X+Qzlk5GvXVN7+5PJ8SHJ7tsjzt
TJ7iWX1zB9xe8YfVFcDxLsSEyi9b01Z69c1/SytD/iA6Jup+5CW3MLg8GGqDJ2TU
JMwg4SeBnLs/vRb+9VWFuyylbqbzCKH2tSxiApn6tA5AiIk8Qkkj6dQf7ol+isKV
vTl84XQ/cRfOAtmvo318
=5rjI
-----END PGP SIGNATURE-----

Message #32 received at 790798-close@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>

To: 790798-close@bugs.debian.org

Subject: Bug#790798: fixed in openssh 1:6.9p1-1

Date: Thu, 20 Aug 2015 10:05:52 +0000

Source: openssh
Source-Version: 1:6.9p1-1

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 790798@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 20 Aug 2015 10:38:58 +0100
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source amd64 all
Version: 1:6.9p1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 241119 481133 740307 740494 767648 774369 778807 781469 787037 787776 790798 793616 795711
Changes:
 openssh (1:6.9p1-1) unstable; urgency=medium
 .
   * New upstream release (http://www.openssh.com/txt/release-6.8):
     - sshd(8): UseDNS now defaults to 'no'.  Configurations that match
       against the client host name (via sshd_config or authorized_keys) may
       need to re-enable it or convert to matching against addresses.
     - Add FingerprintHash option to ssh(1) and sshd(8), and equivalent
       command-line flags to the other tools to control algorithm used for
       key fingerprints.  The default changes from MD5 to SHA256 and format
       from hex to base64.
       Fingerprints now have the hash algorithm prepended.  An example of the
       new format: SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE
       Please note that visual host keys will also be different.
     - ssh(1), sshd(8): Experimental host key rotation support.  Add a
       protocol extension for a server to inform a client of all its
       available host keys after authentication has completed.  The client
       may record the keys in known_hosts, allowing it to upgrade to better
       host key algorithms and a server to gracefully rotate its keys.
       The client side of this is controlled by a UpdateHostkeys config
       option (default off).
     - ssh(1): Add a ssh_config HostbasedKeyType option to control which host
       public key types are tried during host-based authentication.
     - ssh(1), sshd(8): Fix connection-killing host key mismatch errors when
       sshd offers multiple ECDSA keys of different lengths.
     - ssh(1): When host name canonicalisation is enabled, try to parse host
       names as addresses before looking them up for canonicalisation.  Fixes
       bz#2074 and avoids needless DNS lookups in some cases.
     - ssh(1), ssh-keysign(8): Make ed25519 keys work for host based
       authentication.
     - sshd(8): SSH protocol v.1 workaround for the Meyer, et al,
       Bleichenbacher Side Channel Attack.  Fake up a bignum key before RSA
       decryption.
     - sshd(8): Remember which public keys have been used for authentication
       and refuse to accept previously-used keys.  This allows
       AuthenticationMethods=publickey,publickey to require that users
       authenticate using two _different_ public keys.
     - sshd(8): add sshd_config HostbasedAcceptedKeyTypes and
       PubkeyAcceptedKeyTypes options to allow sshd to control what public
       key types will be accepted (closes: #481133).  Currently defaults to
       all.
     - sshd(8): Don't count partial authentication success as a failure
       against MaxAuthTries.
     - ssh(1): Add RevokedHostKeys option for the client to allow text-file
       or KRL-based revocation of host keys.
     - ssh-keygen(1), sshd(8): Permit KRLs that revoke certificates by serial
       number or key ID without scoping to a particular CA.
     - ssh(1): Add a "Match canonical" criteria that allows ssh_config Match
       blocks to trigger only in the second config pass.
     - ssh(1): Add a -G option to ssh that causes it to parse its
       configuration and dump the result to stdout, similar to "sshd -T".
     - ssh(1): Allow Match criteria to be negated. E.g. "Match !host".
     - ssh-keyscan(1): ssh-keyscan has been made much more robust against
       servers that hang or violate the SSH protocol (closes: #241119).
     - ssh(1), ssh-keygen(1): Fix regression bz#2306: Key path names were
       being lost as comment fields (closes: #787776).
     - ssh(1): Allow ssh_config Port options set in the second config parse
       phase to be applied (they were being ignored; closes: #774369).
     - ssh(1): Tweak config re-parsing with host canonicalisation - make the
       second pass through the config files always run when host name
       canonicalisation is enabled (and not whenever the host name changes)
     - ssh(1): Fix passing of wildcard forward bind addresses when connection
       multiplexing is in use.
     - ssh-keygen(1): Fix broken private key conversion from non-OpenSSH
       formats.
     - ssh-keygen(1): Fix KRL generation bug when multiple CAs are in use.
   * New upstream release (http://www.openssh.com/txt/release-6.9):
     - CVE-2015-5352: ssh(1): When forwarding X11 connections with
       ForwardX11Trusted=no, connections made after ForwardX11Timeout expired
       could be permitted and no longer subject to XSECURITY restrictions
       because of an ineffective timeout check in ssh(1) coupled with "fail
       open" behaviour in the X11 server when clients attempted connections
       with expired credentials (closes: #790798).  This problem was reported
       by Jann Horn.
     - SECURITY: ssh-agent(1): Fix weakness of agent locking (ssh-add -x) to
       password guessing by implementing an increasing failure delay, storing
       a salted hash of the password rather than the password itself and
       using a timing-safe comparison function for verifying unlock attempts.
       This problem was reported by Ryan Castellucci.
     - sshd(8): Support admin-specified arguments to AuthorizedKeysCommand
       (closes: #740494).
     - sshd(8): Add AuthorizedPrincipalsCommand that allows retrieving
       authorized principals information from a subprocess rather than a
       file.
     - ssh(1), ssh-add(1): Support PKCS#11 devices with external PIN entry
       devices.
     - ssh-keygen(1): Support "ssh-keygen -lF hostname" to search known_hosts
       and print key hashes rather than full keys.
     - ssh-agent(1): Add -D flag to leave ssh-agent in foreground without
       enabling debug mode.
     - ssh(1), sshd(8): Deprecate legacy SSH2_MSG_KEX_DH_GEX_REQUEST_OLD
       message and do not try to use it against some 3rd-party SSH
       implementations that use it (older PuTTY, WinSCP).
     - ssh(1), sshd(8): Cap DH-GEX group size at 4Kbits for Cisco
       implementations as some would fail when attempting to use group sizes
       >4K (closes: #740307, LP: #1287222).
     - ssh(1): Fix out-of-bound read in EscapeChar configuration option
       parsing.
     - sshd(8): Fix application of PermitTunnel, LoginGraceTime,
       AuthenticationMethods and StreamLocalBindMask options in Match blocks.
     - ssh(1), sshd(8): Improve disconnection message on TCP reset.
     - ssh(1): Remove failed remote forwards established by multiplexing from
       the list of active forwards.
     - sshd(8): Make parsing of authorized_keys "environment=" options
       independent of PermitUserEnv being enabled.
     - sshd(8): Fix post-auth crash with permitopen=none (closes: #778807).
     - ssh(1), ssh-add(1), ssh-keygen(1): Allow new-format private keys to be
       encrypted with AEAD ciphers.
     - ssh(1): Allow ListenAddress, Port and AddressFamily configuration
       options to appear in any order.
     - sshd(8): Check for and reject missing arguments for VersionAddendum
       and ForceCommand.
     - ssh(1), sshd(8): Don't treat unknown certificate extensions as fatal.
     - ssh-keygen(1): Make stdout and stderr output consistent.
     - ssh(1): Mention missing DISPLAY environment in debug log when X11
       forwarding requested.
     - sshd(8): Correctly record login when UseLogin is set.
     - sshd(8): Add some missing options to sshd -T output and fix output of
       VersionAddendum and HostCertificate.
     - Document and improve consistency of options that accept a "none"
       argument: TrustedUserCAKeys, RevokedKeys, AuthorizedPrincipalsFile.
     - ssh(1): Include remote username in debug output.
     - sshd(8): Avoid compatibility problem with some versions of Tera Term,
       which would crash when they received the hostkeys notification message
       (hostkeys-00@openssh.com).
     - sshd(8): Mention ssh-keygen -E as useful when comparing legacy MD5
       host key fingerprints.
     - ssh(1): Clarify pseudo-terminal request behaviour and make manual
       language consistent.
     - ssh(1): Document that the TERM environment variable is not subject to
       SendEnv and AcceptEnv; bz#2386
     - sshd(8): Format UsePAM setting when using sshd -T (closes: #767648).
     - moduli(5): Update DH-GEX moduli (closes: #787037).
   * There are some things I want to fix before upgrading to 7.0p1, though I
     intend to do that soon.  In the meantime, backport some patches, mainly
     to fix security issues:
     - SECURITY: sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be
       world-writable.  Local attackers may be able to write arbitrary
       messages to logged-in users, including terminal escape sequences.
       Reported by Nikolay Edigaryev.
     - SECURITY: sshd(8): Fixed a privilege separation weakness related to
       PAM support.  Attackers who could successfully compromise the
       pre-authentication process for remote code execution and who had valid
       credentials on the host could impersonate other users.  Reported by
       Moritz Jodeit.
     - SECURITY: sshd(8): Fixed a use-after-free bug related to PAM support
       that was reachable by attackers who could compromise the
       pre-authentication process for remote code execution (closes:
       #795711).  Also reported by Moritz Jodeit.
     - CVE-2015-5600: sshd(8): Fix circumvention of MaxAuthTries using
       keyboard-interactive authentication (closes: #793616).  By specifying
       a long, repeating keyboard-interactive "devices" string, an attacker
       could request the same authentication method be tried thousands of
       times in a single pass.  The LoginGraceTime timeout in sshd(8) and any
       authentication failure delays implemented by the authentication
       mechanism itself were still applied.  Found by Kingcope.
     - Let principals-command.sh work for noexec /var/run.
   * Thanks to Jakub Jelen of Red Hat for Fedora's rebased version of the
     GSSAPI key exchange patch.
   * Document the Debian-specific change to the default value of
     ForwardX11Trusted in ssh(1) (closes: #781469).
Checksums-Sha1:
 b91d4b642bcfdb846b27c4d60df3e7f5fd08f5d1 2737 openssh_6.9p1-1.dsc
 86ab57f00d0fd9bf302760f2f6deac1b6e9df265 1487617 openssh_6.9p1.orig.tar.gz
 2750a007db7992180da53a9ad7c350c6945b36e3 152088 openssh_6.9p1-1.debian.tar.xz
 8b9a289f4896fc17110925047e8fcd686925024f 276064 openssh-client-udeb_6.9p1-1_amd64.udeb
 b5908b9cc647753758c756c64ca9704252170735 750044 openssh-client_6.9p1-1_amd64.deb
 6d909d6bde219dc94ab071eb561232694950fb13 291822 openssh-server-udeb_6.9p1-1_amd64.udeb
 14ae09a3d4226b109a725934fa7c391a0a41c8f5 343632 openssh-server_6.9p1-1_amd64.deb
 7dabbfc8173344bb5cd8a0e546325f42bde1c1de 38060 openssh-sftp-server_6.9p1-1_amd64.deb
 4b72a5bb5803fd4734d992846e2b7eaabc5621af 172736 ssh-askpass-gnome_6.9p1-1_amd64.deb
 5e3946bb0f2736659d592e7c6ea257f6e862654b 164754 ssh-krb5_6.9p1-1_all.deb
 6e0297c65b52a7733422f400c02d707f3b90f27c 165262 ssh_6.9p1-1_all.deb
Checksums-Sha256:
 74d1a4ab5d34d49a1342e1aa33f66072c35a2ced2d1dcf730dc8791e51eb6a67 2737 openssh_6.9p1-1.dsc
 6e074df538f357d440be6cf93dc581a21f22d39e236f217fcd8eacbb6c896cfe 1487617 openssh_6.9p1.orig.tar.gz
 60f1ad506db206af12746adbe2e8f0b089f12062f4ae48ae1d7557dda431e72b 152088 openssh_6.9p1-1.debian.tar.xz
 4c9fc7c4d106fbae9824268e348344ae2eb898e62bf22a08932b733aa08a41e1 276064 openssh-client-udeb_6.9p1-1_amd64.udeb
 917bb164ba62d5ff63716f240a144fe80eb82e66e35e7ee21ccca7f613246ee5 750044 openssh-client_6.9p1-1_amd64.deb
 335a4ed0b2fafd50768df61b2472f0bbdcb5e7503f385a21096d0e54a765688b 291822 openssh-server-udeb_6.9p1-1_amd64.udeb
 25b2f402819e457473d971f9006b8b0aca2278549b6b79a843d2d70da6cc3fac 343632 openssh-server_6.9p1-1_amd64.deb
 54174d42c6f47e0ba4573c86ea712c7912264eba755c3846e1fb81733c37124e 38060 openssh-sftp-server_6.9p1-1_amd64.deb
 a96927b80c57ae14c357b9f40b8d2a3280f02f930d220fa7e8e3de704e1488ea 172736 ssh-askpass-gnome_6.9p1-1_amd64.deb
 c74e73ab2725c5cf7a355189f9fbcdf8ba9502b9aeca411413724680b3b8e436 164754 ssh-krb5_6.9p1-1_all.deb
 24b0bf44885459a4d1f2872487b29b2493d6014d4fc405b41e850f6f21536ebc 165262 ssh_6.9p1-1_all.deb
Files:
 e6d84ae7b755f5930b1de1e0ce5782e8 2737 net standard openssh_6.9p1-1.dsc
 0b161c44fc31fbc6b76a6f8ae639f16f 1487617 net standard openssh_6.9p1.orig.tar.gz
 5b2a9b8a8af3e970b4ed6bc4d4d5fb1c 152088 net standard openssh_6.9p1-1.debian.tar.xz
 281a8956fd843c06fc5ee5ec826a0045 276064 debian-installer optional openssh-client-udeb_6.9p1-1_amd64.udeb
 342f5257442ee205090195dc9f31f439 750044 net standard openssh-client_6.9p1-1_amd64.deb
 7431682f6265e2fbcb36e4683e83c2ca 291822 debian-installer optional openssh-server-udeb_6.9p1-1_amd64.udeb
 d20a3188f00833d75859347860d3aea0 343632 net optional openssh-server_6.9p1-1_amd64.deb
 8643f752217cdbcbb9de16ddf94d09f9 38060 net optional openssh-sftp-server_6.9p1-1_amd64.deb
 7b48502bac8ea0558e51854dda7807cc 172736 gnome optional ssh-askpass-gnome_6.9p1-1_amd64.deb
 d8f0628c50ee8dea35f10d55bbd8a23c 164754 oldlibs extra ssh-krb5_6.9p1-1_all.deb
 74bd0e4061276deaccaf1221c0bf2695 165262 net extra ssh_6.9p1-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iQIVAwUBVdWiKjk1h9l9hlALAQjZ6Q/5AY5sgM+EcnFafR3el0Vl29joLvRmureU
9iXd6TbrgaXUWLZIUbjmKPA0kP5HplfHqWIowrq3d1FlASXryljktIpV3LeUn+OO
j7dFkt/8ShJ2z6a+tZZPZJbjP2S30RQbTR6AtUoCcSmkjE98fjctpQ87sMDNpyn+
rkbXkEOYqVzJjIMF+A0u+09uWkQjQ0SKokAm23kyJAJ+N3nM+gORdWgfBmObLwyl
7PpN2rzhoxrGscGCH+KPjRYY4HBx3OsI4XNb2BTGYX+B9mgKhFaKB9DF6TsDDUf2
tg9jNJrLICMa1h8bVxRO4tFqFyNwXJDmVkbGVEaAxjcIKJB23jMuFQ/VlbA5BSMk
4fVaOIr9eRLKZzUtvWoPH4LSn2xZIscHPUs4DKIC55mDlbmPRldsLgCNt3nPv3KZ
jcJgrPkhvs08Cb17xTAasHzdDIQpSFUy+sU9pBxkm44dWnxSH517w3NjFIFbeW90
Jd17Ncpoa+LQHAaTkcFrkd3og5P82eFnUhvW8Yugwn3VtqqS3udqSoe+1ix/JxaI
Ujp20iMTKECLqCwTPebbJ3fO5f107I8TI112wZjXo83OrJojpKLuF+XvTP9EZmu1
YgwnjRTb4aMZJgJTMmW+qOaSJMIGUbYpI8NhosFVJ51l6/U93oqcXwnxuUIYUVgx
K6KkYm89+38=
=Udiw
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.