Accepted openssh 1:7.9p1-10+deb10u4 (source) into oldoldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted openssh 1:7.9p1-10+deb10u4 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Mon, 25 Dec 2023 21:10:22 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: openssh_7.9p1-10+deb10u4_source.changes
- Debian-source: openssh
- Debian-suite: oldoldstable
- Debian-version: 1:7.9p1-10+deb10u4
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=fQTCr/5eZRW8r1ANQ4ZHZgvdYNORqcRD3jc7+qXrMng=; b=UaxEQJR2S7PWLy47Z+3WOlElGz 2fLHC/pIxBkzr788E1pVP4vI8y/g2V6m5RMgscvgoRAng1iYjyKCt+TNh/+Silmwp3aUlAhRyfsEZ ZCrPiZKEw+Z9C0946dlacqkr+oXTcl7goe7rHze3TNvLw+HaODmVbnlqEjzYeZEAJHePa7BGDG3uT ue/IjsNOk0I1vJx39PWtnYx0N+sq0DNMd8kdd2Kqsu3KeR7QJpEE7zUxHZA7ZmLO3PAi0bWy/OpXG fv1vLq4MfD1HP5DBW8P+aHhBo2C4ykrBaOltk2PxMsGaUcRcCWGRNKwmKs179gY25qWqQAWl5isIv oj5Ur6ag==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1rHsDO-001Tid-3T@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 24 Dec 2023 15:39:13 -0500
Source: openssh
Architecture: source
Version: 1:7.9p1-10+deb10u4
Distribution: buster-security
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Santiago Ruano Rincón <santiago@freexian.com>
Closes: 995130
Changes:
openssh (1:7.9p1-10+deb10u4) buster-security; urgency=medium
.
* Non-maintainer upload by the LTS Team.
* Rename debian/.gitlab-ci.yml to debian/salsa-ci.yml and use
lts-team/pipeline recipe for buster in it.
* [CVE-2023-48795] ssh(1), sshd(8): implement protocol extensions to
thwart the so-called "Terrapin attack" discovered by Fabian Bäumer,
Marcus Brinkmann and Jörg Schwenk. This attack allows a MITM to effect
a limited break of the integrity of the early encrypted SSH transport
protocol by sending extra messages prior to the commencement of
encryption, and deleting an equal number of consecutive messages
immediately after encryption starts. A peer SSH client/server would
not be able to detect that messages were deleted.
* [CVE-2023-51385] ssh(1): if an invalid user or hostname that contained
shell metacharacters was passed to ssh(1), and a ProxyCommand,
LocalCommand directive or "match exec" predicate referenced the user
or hostname via %u, %h or similar expansion token, then an attacker
who could supply arbitrary user/hostnames to ssh(1) could potentially
perform command injection depending on what quoting was present in the
user-supplied ssh_config(5) directive. ssh(1) now bans most shell
metacharacters from user and hostnames supplied via the command-line.
* [CVE-2021-41617] sshd(8) from OpenSSH 6.2 through 8.7 failed to
correctly initialise supplemental groups when executing an
AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where an
AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive
has been set to run the command as a different user. Instead these
commands would inherit the groups that sshd(8) was started with
(closes: #995130).
Checksums-Sha1:
413ad62f0a8020f242a0840031f2bf26d5c23bd2 2592 openssh_7.9p1-10+deb10u4.dsc
c6c7f6c1e3a6c94771d92acd341612885f782f70 181408 openssh_7.9p1-10+deb10u4.debian.tar.xz
1d85c7b1363cef762126594edfcd17401f86ab49 18070 openssh_7.9p1-10+deb10u4_amd64.buildinfo
Checksums-Sha256:
a57adf80b4f434f2e8aaf736e642761f30ab2c2bd1432b3e1e6bc824ae826962 2592 openssh_7.9p1-10+deb10u4.dsc
3c9246796095b8cb8785b14ab4157f0cc0ab754e929327ff60cfba4e93213a67 181408 openssh_7.9p1-10+deb10u4.debian.tar.xz
57beccdb92ae8ee5340af98c51ab7e08a85823e1cd7bc8758e9c8894cf769c0c 18070 openssh_7.9p1-10+deb10u4_amd64.buildinfo
Files:
f2bec38b3041b1b570b59876e969e7e8 2592 net standard openssh_7.9p1-10+deb10u4.dsc
8acdf241f3e0e1a7fc57318ad909b992 181408 net standard openssh_7.9p1-10+deb10u4.debian.tar.xz
dbc5d0d591c40a23f08d67924a81f01a 18070 net standard openssh_7.9p1-10+deb10u4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQRZVjztY8b+Ty43oH1itBCJKh26HQUCZYneFAAKCRBitBCJKh26
HRSGAQD4i+iFyJH5AGVSMAplLhsRgJjChTyvOjTfwXItEkYz4wD/XFQA9YrYvmq9
zdrWu3jY1haqGAjt5UjzYL5OpHveWgo=
=194m
-----END PGP SIGNATURE-----
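The Terrapin countermeasure referenced in the CVE-2023-48795 entry is signalled inside the SSH_MSG_KEXINIT exchange: a patched peer appends a pseudo-algorithm name (kex-strict-s-v00@openssh.com from a server, kex-strict-c-v00@openssh.com from a client) to its kex_algorithms name-list, and the attack itself only bites when chacha20-poly1305@openssh.com or a CBC cipher with an Encrypt-then-MAC MAC is negotiated. The following Python is an added example, not code from OpenSSH or from Debian: it serialises and parses a KEXINIT payload per RFC 4253 section 7.1 and screens one side's offer for the marker and the targeted cipher/MAC combinations. The two sample offers are constructed inline, the function names are this example's own, and the screen is offer-side only: whether a live connection is exposed depends on the algorithms both peers actually negotiate.

```python
import struct

# Message number and the strict-KEX marker names (the Terrapin countermeasure).
SSH_MSG_KEXINIT = 20
STRICT_KEX_CLIENT = "kex-strict-c-v00@openssh.com"
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"

# The ten name-lists of a KEXINIT, in wire order (RFC 4253 section 7.1).
NAMELIST_FIELDS = (
    "kex_algorithms",
    "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server",
    "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server",
    "languages_server_to_client",
)


def _name_list(names):
    """Encode an SSH name-list: uint32 length + comma-separated ASCII names."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data


def build_kexinit(fields, cookie=b"\x00" * 16):
    """Serialise a KEXINIT payload from a dict of name-lists (missing lists are empty)."""
    out = bytes([SSH_MSG_KEXINIT]) + cookie
    for field in NAMELIST_FIELDS:
        out += _name_list(fields.get(field, ()))
    out += b"\x00"               # first_kex_packet_follows = FALSE
    out += struct.pack(">I", 0)  # reserved
    return out


def parse_kexinit(payload):
    """Decode a KEXINIT payload into {field: [names]}; ValueError on malformed input."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, fields = 17, {}
    for field in NAMELIST_FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated KEXINIT")
        (length,) = struct.unpack(">I", payload[pos:pos + 4])
        pos += 4
        raw = payload[pos:pos + length]
        if len(raw) != length:
            raise ValueError("truncated name-list")
        pos += length
        fields[field] = raw.decode("ascii").split(",") if raw else []
    return fields


def terrapin_exposure(payload, sender):
    """Screen one peer's KEXINIT. sender is "server" or "client" (who sent it).

    Returns whether the peer offers strict KEX, whether it offers the
    cipher/MAC combinations the attack targets, and "exposed" = offers a
    targeted combination without strict KEX. Offer-side only: the attack
    needs the targeted combination to be the one actually negotiated.
    """
    f = parse_kexinit(payload)
    marker = STRICT_KEX_SERVER if sender == "server" else STRICT_KEX_CLIENT
    strict = marker in f["kex_algorithms"]
    ciphers = set(f["encryption_algorithms_client_to_server"]) | set(
        f["encryption_algorithms_server_to_client"])
    macs = set(f["mac_algorithms_client_to_server"]) | set(f["mac_algorithms_server_to_client"])
    chacha = "chacha20-poly1305@openssh.com" in ciphers
    cbc_etm = any(c.endswith("-cbc") for c in ciphers) and any(
        m.endswith("-etm@openssh.com") for m in macs)
    return {"strict_kex": strict, "chacha20": chacha, "cbc_etm": cbc_etm,
            "exposed": (chacha or cbc_etm) and not strict}


# Constructed sample offers (not captured traffic): a pre-fix server, and the
# same server after the update, which appends the strict-KEX marker.
_BASE = {
    "kex_algorithms": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
    "server_host_key_algorithms": ["ssh-ed25519"],
    "encryption_algorithms_client_to_server": ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com"],
    "encryption_algorithms_server_to_client": ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com"],
    "mac_algorithms_client_to_server": ["hmac-sha2-256-etm@openssh.com"],
    "mac_algorithms_server_to_client": ["hmac-sha2-256-etm@openssh.com"],
    "compression_algorithms_client_to_server": ["none"],
    "compression_algorithms_server_to_client": ["none"],
}
UNPATCHED_SERVER_KEXINIT = build_kexinit(_BASE)
PATCHED_SERVER_KEXINIT = build_kexinit(
    {**_BASE, "kex_algorithms": _BASE["kex_algorithms"] + [STRICT_KEX_SERVER]})

if __name__ == "__main__":
    for label, payload in (("unpatched", UNPATCHED_SERVER_KEXINIT),
                           ("patched", PATCHED_SERVER_KEXINIT)):
        print(label, terrapin_exposure(payload, "server"))
```

To screen a real host, read the KEXINIT that follows the version-string exchange on port 22 (it is sent unencrypted, so no key material is needed) and pass its payload to terrapin_exposure(payload, "server"); a server that still offers chacha20-poly1305@openssh.com without the marker is the case this update fixes on the Debian side.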
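The CVE-2023-51385 entry describes a two-step problem: ssh(1) expands %h, %r and similar tokens into a ProxyCommand, LocalCommand or Match exec string, and that string is then run through the shell, so a host name carrying shell syntax becomes a command. The Python below is an added example, not OpenSSH's own code: it reproduces the token expansion, shows the pre-fix command string that results from a hostile host name, and applies a character screen in the spirit of the ban the update introduces. The metacharacter set, the rejection of names beginning with "-", and the function names are this example's assumptions, as is the sample ProxyCommand and the constructed hostile host name.

```python
import re
import shlex

# Characters screened out of command-line host and user names before any
# %-token expansion. Assumption of this example: the set is modelled on the
# upstream fix but is not copied from it.
SHELL_METACHARS = set("'`\"$\\;&<>|(){}")


def valid_hostname(name):
    """Reject names that could smuggle shell syntax into an expanded command.

    Empty names, names starting with '-' (could be read as an option by the
    expanded command), whitespace and control characters are rejected too.
    """
    if not name or name.startswith("-"):
        return False
    return not any(c in SHELL_METACHARS or c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F
                   for c in name)


def valid_ruser(name):
    """Remote user names get the same screen (assumption: identical character set)."""
    return valid_hostname(name)


def expand_tokens(template, host, port, remote_user, local_user="localuser"):
    """Minimal ssh_config(5) %-token expansion: %h host, %p port, %r remote user,
    %u local user, %% literal percent. Values are inserted verbatim, as ssh does."""
    table = {"h": host, "p": str(port), "r": remote_user, "u": local_user, "%": "%"}

    def sub(match):
        key = match.group(1)
        if key not in table:
            raise ValueError("unsupported token %" + key)
        return table[key]

    return re.sub(r"%(.)", sub, template)


def proxy_argv(proxy_command, host, port, remote_user, enforce=True):
    """Build the argv ssh hands to the shell for a ProxyCommand.

    enforce=True runs the name screen first (post-fix behaviour);
    enforce=False returns the raw expansion (pre-fix behaviour, kept only to
    show the injection).
    """
    if enforce and not (valid_hostname(host) and valid_ruser(remote_user)):
        raise ValueError("hostname/username contains shell metacharacters")
    return ["sh", "-c", expand_tokens(proxy_command, host, port, remote_user)]


def quoted_expand(template, host, port, remote_user):
    """Defence in depth for your own wrappers: shell-quote every value before
    expansion. ssh(1) itself does not do this (the config author controls the
    quoting), which is why it bans the characters instead."""
    return expand_tokens(template, shlex.quote(host), shlex.quote(str(port)),
                         shlex.quote(remote_user))


# Constructed inputs: a typical jump-host ProxyCommand and a host name an
# attacker might plant in a repository URL or a shared ssh_config fragment.
PROXY_COMMAND = "ssh -W %h:%p jump.example.org"
HOSTILE_HOST = "victim.example.org`touch /tmp/pwned`"

if __name__ == "__main__":
    print("pre-fix :", proxy_argv(PROXY_COMMAND, HOSTILE_HOST, 22, "git", enforce=False))
    try:
        proxy_argv(PROXY_COMMAND, HOSTILE_HOST, 22, "git")
    except ValueError as err:
        print("post-fix:", err)
    print("quoted  :", quoted_expand(PROXY_COMMAND, HOSTILE_HOST, 22, "git"))
```

The pre-fix string is exactly what "sh -c" would receive, backticks included; the screen stops it before expansion, and the quoted variant shows what a wrapper that owns its own template can do in addition. Note that the ban in this update covers names supplied on the ssh(1) command line; names that arrive through other paths, such as a hostname written into a config file by a tool, still depend on that tool's own validation.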