[Git][security-tracker-team/security-tracker][master] Reserve DLA-3694-1 for openssh

Santiago R.R. (@santiago) santiago at debian.org
Mon Dec 25 21:01:33 GMT 2023 


Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2261d6ec by Santiago Ruano Rincón at 2023-12-25T16:01:13-05:00
Reserve DLA-3694-1 for openssh

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -160155,7 +160155,6 @@ CVE-2021-3830 (btcpayserver is vulnerable to Improper Neutralization of Input Du
 CVE-2021-41617 (sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default c ...)
 	- openssh 1:8.7p1-1 (bug #995130)
 	[bullseye] - openssh 1:8.4p1-5+deb11u3
-	[buster] - openssh <no-dsa> (Minor issue)
 	[stretch] - openssh <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/09/26/1
 	NOTE: https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[25 Dec 2023] DLA-3694-1 openssh - security update
+	{CVE-2021-41617 CVE-2023-48795 CVE-2023-51385}
+	[buster] - openssh 1:7.9p1-10+deb10u4
 [23 Dec 2023] DLA-3693-1 osslsigncode - security update
 	{CVE-2023-36377}
 	[buster] - osslsigncode 2.0+really2.5-4+deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -161,9 +161,6 @@ nvidia-cuda-toolkit
   NOTE: 20230610: Details: https://lists.debian.org/debian-lts/2023/06/msg00032.html
   NOTE: 20230610: my recommendation would be to put the package on the "not-supported" list. (tobi)
 --
-openssh (santiago)
-  NOTE: 20231219: Added by Front-Desk (ta)
---
 paramiko
   NOTE: 20231225: Added by Front-Desk (ta)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2261d6ec610f9e89a62a5df86e7a15bb1a07b79e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2261d6ec610f9e89a62a5df86e7a15bb1a07b79e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231225/b3419694/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list