[Git][security-tracker-team/security-tracker][master] Reserve DLA-3532-1 for openssh

Utkarsh Gupta (@utkarsh) utkarsh at debian.org
Thu Aug 17 02:10:44 BST 2023 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d3f1312 by Utkarsh Gupta at 2023-08-17T06:40:29+05:30
Reserve DLA-3532-1 for openssh

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3562,7 +3562,6 @@ CVE-2023-38408 (The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an
 	- openssh 1:9.3p2-1 (bug #1042460)
 	[bookworm] - openssh <no-dsa> (Minor issue; needs specific conditions and forwarding was always subject to caution warning)
 	[bullseye] - openssh <no-dsa> (Minor issue; needs specific conditions and forwarding was always subject to caution warning)
-	[buster] - openssh <no-dsa> (Minor issue; needs specific conditions and forwarding was always subject to caution warning)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/07/19/9
 	NOTE: https://github.com/openssh/openssh-portable/commit/892506b13654301f69f9545f48213fc210e5c5cc
 	NOTE: https://github.com/openssh/openssh-portable/commit/1f2731f5d7a8f8a8385c6031667ed29072c0d92a


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Aug 2023] DLA-3532-1 openssh - security update
+	{CVE-2023-38408}
+	[buster] - openssh 1:7.9p1-10+deb10u3
 [16 Aug 2023] DLA-3531-1 open-vm-tools - security update
 	{CVE-2023-20867}
 	[buster] - open-vm-tools 2:10.3.10-1+deb10u4


=====================================
data/dla-needed.txt
=====================================
@@ -133,10 +133,6 @@ openjdk-11 (Emilio)
   NOTE: 20230802: update prepared for new CPU, waiting for DSA and checking
   NOTE: 20230802: whether to change jtreg version (pochu)
 --
-openssh (utkarsh)
-  NOTE: 20230814: Added by Front-Desk (ta)
-  NOTE: 20230816: taking this one as it's high prio, given one of the customers pinged. (utkarsh)
---
 orthanc (gladk)
   NOTE: 20230812: Added by Front-Desk (Beuc)
   NOTE: 20230812: Experimental issue-based workflow: please self-assign and follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/41



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d3f13122ea6ebd155d8184c713a2dcd6e88886d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d3f13122ea6ebd155d8184c713a2dcd6e88886d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230817/3855636f/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list