Accepted openssh 1:7.9p1-10+deb10u4 (source) into oldoldstable

[Debian FTP Masters <ftpmaster@ftp-master.debian.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 24 Dec 2023 15:39:13 -0500
Source: openssh
Architecture: source
Version: 1:7.9p1-10+deb10u4
Distribution: buster-security
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Santiago Ruano Rincón <santiago@freexian.com>
Closes: 995130
Changes:
 openssh (1:7.9p1-10+deb10u4) buster-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * Rename debian/.gitlab-ci.yml to debian/salsa-ci.yml and use
     lts-team/pipeline recipe for buster in it.
   * [CVE-2023-48795] ssh(1), sshd(8): implement protocol extensions to
     thwart the so-called "Terrapin attack" discovered by Fabian Bäumer,
     Marcus Brinkmann and Jörg Schwenk. This attack allows a MITM to effect
     a limited break of the integrity of the early encrypted SSH transport
     protocol by sending extra messages prior to the commencement of
     encryption, and deleting an equal number of consecutive messages
     immediately after encryption starts. A peer SSH client/server would
     not be able to detect that messages were deleted.
   * [CVE-2023-51385] ssh(1): if an invalid user or hostname that contained
     shell metacharacters was passed to ssh(1), and a ProxyCommand,
     LocalCommand directive or "match exec" predicate referenced the user
     or hostname via %u, %h or similar expansion token, then an attacker
     who could supply arbitrary user/hostnames to ssh(1) could potentially
     perform command injection depending on what quoting was present in the
     user-supplied ssh_config(5) directive. ssh(1) now bans most shell
     metacharacters from user and hostnames supplied via the command-line.
   * [CVE-2021-41617]: sshd(8) from OpenSSH 6.2 through 8.7 failed to
     correctly initialise supplemental groups when executing an
     AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a
     AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive
     has been set to run the command as a different user. Instead these
     commands would inherit the groups that sshd(8) was started with
     (closes: #995130).
Checksums-Sha1:
 413ad62f0a8020f242a0840031f2bf26d5c23bd2 2592 openssh_7.9p1-10+deb10u4.dsc
 c6c7f6c1e3a6c94771d92acd341612885f782f70 181408 openssh_7.9p1-10+deb10u4.debian.tar.xz
 1d85c7b1363cef762126594edfcd17401f86ab49 18070 openssh_7.9p1-10+deb10u4_amd64.buildinfo
Checksums-Sha256:
 a57adf80b4f434f2e8aaf736e642761f30ab2c2bd1432b3e1e6bc824ae826962 2592 openssh_7.9p1-10+deb10u4.dsc
 3c9246796095b8cb8785b14ab4157f0cc0ab754e929327ff60cfba4e93213a67 181408 openssh_7.9p1-10+deb10u4.debian.tar.xz
 57beccdb92ae8ee5340af98c51ab7e08a85823e1cd7bc8758e9c8894cf769c0c 18070 openssh_7.9p1-10+deb10u4_amd64.buildinfo
Files:
 f2bec38b3041b1b570b59876e969e7e8 2592 net standard openssh_7.9p1-10+deb10u4.dsc
 8acdf241f3e0e1a7fc57318ad909b992 181408 net standard openssh_7.9p1-10+deb10u4.debian.tar.xz
 dbc5d0d591c40a23f08d67924a81f01a 18070 net standard openssh_7.9p1-10+deb10u4_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQRZVjztY8b+Ty43oH1itBCJKh26HQUCZYneFAAKCRBitBCJKh26
HRSGAQD4i+iFyJH5AGVSMAplLhsRgJjChTyvOjTfwXItEkYz4wD/XFQA9YrYvmq9
zdrWu3jY1haqGAjt5UjzYL5OpHveWgo=
=194m
-----END PGP SIGNATURE-----