[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2021-41617/openssh as no-dsa for stretch

Utkarsh Gupta (@utkarsh) utkarsh at debian.org
Thu Nov 4 19:04:59 GMT 2021 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8f39f03e by Utkarsh Gupta at 2021-11-05T00:34:46+05:30
Mark CVE-2021-41617/openssh as no-dsa for stretch

- - - - -
b4148c14 by Utkarsh Gupta at 2021-11-05T00:34:46+05:30
Drop openssh from dla-needed

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -6172,6 +6172,7 @@ CVE-2021-41617 (sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-def
 	- openssh <unfixed> (bug #995130)
 	[bullseye] - openssh <no-dsa> (Minor issue)
 	[buster] - openssh <no-dsa> (Minor issue)
+	[stretch] - openssh <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/09/26/1
 	NOTE: https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455
 	NOTE: https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde


=====================================
data/dla-needed.txt
=====================================
@@ -79,15 +79,6 @@ nvidia-graphics-drivers
 openjdk-8 (Roberto C. Sánchez)
   NOTE: 20211101: coordinating with maribilos, waiting on upstream to finalize tags (roberto)
 --
-openssh (Utkarsh)
-  NOTE: 20211003: a backporting error for CVE-2018-15473 was reported in
-  NOTE: 20211003: Ubuntu (and can see the same code differences here);
-  NOTE: 20211003: check if that needs to be fixed; talking to -security.
-  NOTE: 20211003: also CVE-2021-41617 is new; might be a good idea to
-  NOTE: 20211003: club both these together. (utkarsh)
-  NOTE: 20211018: the regression doesn't happen for stretch; looking at
-  NOTE: 20211018: the other bit. (utkarsh)
---
 redis (Chris Lamb)
   NOTE: 20211004: Fixed in sid and experimental. (lamby)
   NOTE: 20211006: buster-pu filed in #995825. (lamby)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0e0ab38847bbdcb837ccdfe6d6ba092c0bc4be03...b4148c14fc5731c4702c9cfacbe401e713779b72

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0e0ab38847bbdcb837ccdfe6d6ba092c0bc4be03...b4148c14fc5731c4702c9cfacbe401e713779b72
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211104/735d5a9f/attachment.htm>

More information about the debian-security-tracker-commits mailing list