[Git][security-tracker-team/security-tracker][master] Reserve DSA number for openssh update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 22 08:50:51 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c303db1c by Salvatore Bonaccorso at 2023-12-22T09:50:37+01:00
Reserve DSA number for openssh update
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -951,6 +951,7 @@ CVE-2023-51385 (In ssh in OpenSSH before 9.6, OS command injection might occur i
NOTE: https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a (V_9_6_P1)
CVE-2023-51384 (In ssh-agent in OpenSSH before 9.6, certain destination constraints ca ...)
- openssh 1:9.6p1-1
+ [bookworm] - openssh 1:9.2p1-2+deb12u2
[bullseye] - openssh <not-affected> (Vulnerable code introduced later; per-hop destination constraints support added in OpenSSH 8.9)
[buster] - openssh <not-affected> (Vulnerable code introduced later; per-hop destination constraints support added in OpenSSH 8.9)
NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/2
@@ -42275,7 +42276,7 @@ CVE-2023-28532
RESERVED
CVE-2023-28531 (ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without ...)
- openssh 1:9.3p1-1 (bug #1033166)
- [bookworm] - openssh <no-dsa> (Minor issue)
+ [bookworm] - openssh 1:9.2p1-2+deb12u2
[bullseye] - openssh <not-affected> (Vulnerable code introduced later; per-hop destination constraints support added in OpenSSH 8.9)
[buster] - openssh <not-affected> (Vulnerable code introduced later; per-hop destination constraints support added in OpenSSH 8.9)
NOTE: https://github.com/openssh/openssh-portable/commit/54ac4ab2b53ce9fcb66b8250dee91c070e4167ed (V_9_3_P1)
@@ -159727,7 +159728,7 @@ CVE-2021-3830 (btcpayserver is vulnerable to Improper Neutralization of Input Du
NOT-FOR-US: btcpayserver
CVE-2021-41617 (sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default c ...)
- openssh 1:8.7p1-1 (bug #995130)
- [bullseye] - openssh <no-dsa> (Minor issue)
+ [bullseye] - openssh 1:8.4p1-5+deb11u3
[buster] - openssh <no-dsa> (Minor issue)
[stretch] - openssh <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/09/26/1
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[22 Dec 2023] DSA-5586-1 openssh - security update
+ {CVE-2023-48795 CVE-2023-51385}
+ [bullseye] - openssh 1:8.4p1-5+deb11u3
+ [bookworm] - openssh 1:9.2p1-2+deb12u2
[21 Dec 2023] DSA-5585-1 chromium - security update
{CVE-2023-7024}
[bullseye] - chromium 120.0.6099.129-1~deb11u1
=====================================
data/dsa-needed.txt
=====================================
@@ -42,9 +42,6 @@ nbconvert/oldstable
nodejs
maintainer proposed to follow the upstream 18.x LTS branch
--
-openssh (carnil)
- maintainer working on updates
---
php-cas/oldstable
--
php-horde-mime-viewer/oldstable
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c303db1cfd45c340830658eab6d1bf613a25e6e3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c303db1cfd45c340830658eab6d1bf613a25e6e3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231222/a28a1bd9/attachment.htm>
More information about the debian-security-tracker-commits
mailing list