From owner-freebsd-security@FreeBSD.ORG Fri Nov 21 13:26:35 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 07E341065672 for ; Fri, 21 Nov 2008 13:26:35 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id 9FF848FC12 for ; Fri, 21 Nov 2008 13:26:34 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=one; d=codelabs.ru; h=Received:Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:Content-Type:Content-Disposition:In-Reply-To:Sender; b=Y4wENKnvaU6BVBoTexw4fJW06y3hp3IDa0YcAJ3e+hl72pIx28bQ4HKaG+2+Hrrhf8UKgvooWcMCCgAmzR1lpZB4dv+SN4OUpnb9sPsYhJMWYS6VPsw+O9wHWoh3L9iEK5HXWC545u7wobfgIEyUcnLRyQpybNeFJcitZcEwxAs=; Received: from void.codelabs.ru (void.codelabs.ru [144.206.177.25]) by 0.mx.codelabs.ru with esmtpsa (TLSv1:AES256-SHA:256) id 1L3W1o-000A2s-Lv; Fri, 21 Nov 2008 16:26:32 +0300 Date: Fri, 21 Nov 2008 16:26:31 +0300 From: Eygene Ryabinkin To: Damien Miller Message-ID: References: <6p2tlso0g3Xi5suHfErE3rcPs54@Mr6N54GlMnGhD+RQ1Yhx+24IxLk> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="l3ej7W/Jb2pB3qL2" Content-Disposition: inline In-Reply-To: Sender: rea-fbsd@codelabs.ru Cc: freebsd-security@freebsd.org, openssh@openssh.com Subject: Re: Plaintext recovery attack in SSH, discovered by CPNI? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Nov 2008 13:26:35 -0000 --l3ej7W/Jb2pB3qL2 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Damien, Fri, Nov 21, 2008 at 04:13:43PM +0300, Eygene Ryabinkin wrote: > Fri, Nov 21, 2008 at 10:10:32PM +1100, Damien Miller wrote: > > see http://www.openssh.com/txt/cbc.adv >=20 > Thanks! Is there some secret place that links to this (and other) > advisory or I should just poll http://openssh.org/txt/? ;)) I am sorry -- I was not aware that you're in the OpenSSH development team ;)) The question seems to be a bit stupid ;-/ But still, if there are some secret places... --=20 Eygene _ ___ _.--. # \`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard / ' ` , __.--' # to read the on-line manual =20 )/' _/ \ `-_, / # while single-stepping the kernel. `-'" `"\_ ,_.-;_.-\_ ', fsc/as # _.-'_./ {_.' ; / # -- FreeBSD Developers handbook=20 {_.-``-' {_/ # --l3ej7W/Jb2pB3qL2 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkkmtwcACgkQthUKNsbL7YivDwCfeKE2i2Pd3TgsNI+ZZi+S/O00 SXkAniLSHqVRZYqtqsJ3In+OQbF3T00c =VIPn -----END PGP SIGNATURE----- --l3ej7W/Jb2pB3qL2--