[Git][security-tracker-team/security-tracker][master] Add new openssh issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 18 09:02:12 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ccb041b9 by Salvatore Bonaccorso at 2025-02-18T10:01:50+01:00
Add new openssh issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2025-26466 [Denial of Service: asymmetric resource consumption of memory and CPU]
+	- openssh <unfixed>
+	[bookworm] - openssh <not-affected> (Vulnerable code introduced later)
+	[bullseye] - openssh <not-affected> (Vulnerable code introduced later)
+	NOTE: https://www.openssh.com/releasenotes.html#9.9p2
+	NOTE: https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt
+	NOTE: Introduced with: https://github.com/openssh/openssh-portable/commit/dce6d80d2ed3cad2c516082682d5f6ca877ef714 (V_9_5_P1)
+	NOTE: Fixed by: https://github.com/openssh/openssh-portable/commit/6ce00f0c2ecbb9f75023dbe627ee6460bcec78c2 (V_9_9_P1)
+CVE-2025-26465 [MitM]
+	- openssh <unfixed>
+	NOTE: https://www.openssh.com/releasenotes.html#9.9p2
+	NOTE: https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt
+	NOTE: Introduced with: https://github.com/openssh/openssh-portable/commit/5e39a49930d885aac9c76af3129332b6e772cd75 (V_6_8_P1)
+	NOTE: Fixed by: https://github.com/openssh/openssh-portable/commit/0832aac79517611dd4de93ad0a83577994d9c907 (V_9_9_P1)
 CVE-2025-25224 (The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5 ...)
 	NOT-FOR-US: LuxCal Web Calendar
 CVE-2025-25223 (The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ccb041b9493cc1038ee0381d4d486e56d47a8e70

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ccb041b9493cc1038ee0381d4d486e56d47a8e70
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250218/4ebe6829/attachment.htm>

More information about the debian-security-tracker-commits mailing list