[Git][security-tracker-team/security-tracker][master] Reserve DLA-1728-1 for openssh

[Mike Gabriel]

Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
60e606d1 by Mike Gabriel at 2019-03-25T13:12:09Z
Reserve DLA-1728-1 for openssh

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[25 Mar 2019] DLA-1728-1 openssh - security update
+	{CVE-2018-20685 CVE-2019-6109 CVE-2019-6111}
+	[jessie] - openssh 1:6.7p1-5+deb8u8
 [25 Mar 2019] DLA-1727-1 firefox-esr - security update
 	{CVE-2019-9810 CVE-2019-9813}
 	[jessie] - firefox-esr 60.6.1esr-1~deb8u1


=====================================
data/dla-needed.txt
=====================================
@@ -72,12 +72,6 @@ neutron (Thorsten Alteholz)
 openjdk-7 (Emilio)
   NOTE: 20190304: updating to 7u211
 --
-openssh (Mike Gabriel)
-  NOTE: 20190227: Work in progress. First draft is still vulnerable to PoC: https://www.exploit-db.com/exploits/46193
-  NOTE: 20190227: Problematic is that jessie's / wheezy's versions don't have the utf8.(c|h) code, yet. Probably needs to be backported.
-  NOTE: 20190228: CVE-2019-6111 seemingly not-yet-fixed, see https://bugs.debian.org/923486
-  NOTE: 20190228: Package draft for jessie LTS locally, but the CVE-2019-6111 patch requires being fixed first before proceeding
---
 pdns
 --
 php5 (Thorsten Alteholz)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/60e606d150f92237bfe0e469f0960ae481d0f9c0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/60e606d150f92237bfe0e469f0960ae481d0f9c0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190325/622fb25a/attachment-0001.html>