[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2026-3841/openssh: add introductory commit
Carlos Henrique Lima Melara (@charles)
gitlab at salsa.debian.org
Thu Mar 19 03:17:12 GMT 2026
Carlos Henrique Lima Melara pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9da376e4 by Carlos Henrique Lima Melara at 2026-03-18T23:43:02-03:00
CVE-2026-3841/openssh: add introductory commit
Before 1:8.0p1-1, the function called on error was packet_disconnect(),
which printed the error message and then called ssh_packet_disconnect(),
terminating the process.
- - - - -
19042918 by Carlos Henrique Lima Melara at 2026-03-19T00:08:52-03:00
LTS: add openssh to dla-needed.txt
- - - - -
604a602f by Carlos Henrique Lima Melara at 2026-03-19T00:16:11-03:00
LTS: add libyaml-syck-perl to data/dla-needed.txt
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2093,6 +2093,7 @@ CVE-2026-3841 (A command injection vulnerability has been identified in the Teln
CVE-2026-3497 (Vulnerability in the OpenSSH GSSAPI delta included in various Linux di ...)
- openssh <unfixed> (bug #1130595)
NOTE: https://www.openwall.com/lists/oss-security/2026/03/12/3
+ NOTE: Introduced with: https://salsa.debian.org/ssh-team/openssh/-/commit/865a97e05b6aab1619e1c8eeb33ccb8f9a9e48d3 (debian/1%8.0p1-1)
CVE-2026-3060 (SGLang' encoder parallel disaggregation system is vulnerable to unauth ...)
NOT-FOR-US: sgl-project sglang
CVE-2026-3059 (SGLang's multimodal generation module is vulnerable to unauthenticated ...)
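Review bot: the added NOTE lands under CVE-2026-3497 (the OpenSSH GSSAPI delta entry), but the commit subject reads "CVE-2026-3841/openssh", and the hunk header shows CVE-2026-3841 is a separate command injection entry, not the OpenSSH one. The subject should name CVE-2026-3497 so the history is searchable by the right id. The commit message's rationale about packet_disconnect() terminating the process before 1:8.0p1-1 is also worth carrying as a second NOTE line under the entry, since readers of the tracker data will not see the commit log.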
=====================================
data/dla-needed.txt
=====================================
@@ -244,6 +244,12 @@ libxslt
NOTE: 20251020: In progress, waiting for upstream action (guilhem)
NOTE: 20251104: Done, but waiting for upstream to merge before uploading and issuing the DLA (guilhem)
--
+libyaml-syck-perl
+ NOTE: 20260319: Added by Front-Desk (charles)
+ NOTE: 20260319: In dsa-needed, coordinate with secteam. It's 4 problems in
+ NOTE: 20260319: one CVE, I could confirm at least one, but perl looks like
+ NOTE: 20260319: hieroglyphs to me (charles)
+--
linux (Ben Hutchings)
NOTE: 20230111: Perma-added, Linux package specifically delegated to bwh (LTS Team)
--
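Review bot: the libyaml-syck-perl note says there are 4 problems in one CVE and that at least one was confirmed, but it names neither the CVE id nor which of the four was reproduced. Adding both would let whoever claims the package, or the security team being coordinated with, pick up from the confirmed issue instead of repeating the triage.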
@@ -317,6 +323,12 @@ nvidia-graphics-drivers
NOTE: 20250630: With reply from maintainer, tiraged some CVEs accordingly and updated the security tracker (tobi)
NOTE: 20250707: Maintainer offered to prepare a backport of upstream R515, offered to test them, after DebConf (tobi)
--
+openssh
+ NOTE: 20260319: Added by Front-Desk (charles)
+ NOTE: 20260319: In dsa-needed, coordinate with secteam. Ubuntu patch
+ NOTE: 20260319: available in oss-security - but it needs to be
+ NOTE: 20260319: double-checked. (charles)
+--
p7zip (Sylvain Beucler)
NOTE: 20251020: Added by Front-Desk (dleidert)
NOTE: 20251020: I disagree with the low-severity ratings; but finding the patches might be a hard (dleidert/front-desk)
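Review bot: the openssh note refers to an Ubuntu patch "available in oss-security" without a link or CVE id, and does not say what about the patch needs double-checking. The data/CVE/list entry for CVE-2026-3497 in this same push already carries https://www.openwall.com/lists/oss-security/2026/03/12/3; if that is the thread meant, citing the CVE id and that URL here, plus one line on the specific concern with the patch, would make the entry actionable on its own.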
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/181d085706df829f13953bf11a2e63b74696938a...604a602f6780e29e9fb70c8c3889cd2b716a6af3