-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 18 Feb 2025 10:13:10 +0000
Source: openssh
Architecture: source
Version: 1:9.9p2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Changes:
 openssh (1:9.9p2-1) unstable; urgency=medium
 .
   * New upstream release:
     - CVE-2025-26465: ssh(1) in OpenSSH versions 6.8p1 to 9.9p1 (inclusive)
       contained a logic error that allowed an on-path attacker (a.k.a MITM)
       to impersonate any server when the VerifyHostKeyDNS option is enabled.
       This option is off by default.
     - CVE-2025-26466: sshd(8) in OpenSSH versions 9.5p1 to 9.9p1 (inclusive)
       is vulnerable to a memory/CPU denial-of-service related to the
       handling of SSH2_MSG_PING packets. This condition may be mitigated
       using the existing PerSourcePenalties feature.
     - ssh(1), sshd(8): fix regression in Match directive that caused
       failures when predicates and their arguments were separated by '='
       characters instead of whitespace (bz3739).
     - sshd(8): fix the "Match invalid-user" predicate, which was matching
       incorrectly in the initial pass of config evaluation.