openssh - Debian Package Tracker

general

source: openssh (main)
version: 1:9.1p1-1
maintainer: Debian OpenSSH Maintainers (archive) (DMD)
uploaders: Colin Watson [DMD] – Matthew Vernon [DMD]
arch: all any
std-ver: 4.1.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:7.4p1-10+deb9u7
o-o-sec: 1:7.4p1-10+deb9u6
oldstable: 1:7.9p1-10+deb10u2
old-sec: 1:7.9p1-10+deb10u1
old-bpo: 1:8.4p1-2~bpo10+1
stable: 1:8.4p1-5+deb11u1
testing: 1:9.1p1-1
unstable: 1:9.1p1-1

versioned links

1:7.4p1-10+deb9u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:7.4p1-10+deb9u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:7.9p1-10+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:7.9p1-10+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:8.4p1-2~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:8.4p1-5+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:9.1p1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

openssh-client (280 bugs: 0, 160, 120, 0)
openssh-client-udeb
openssh-server (237 bugs: 0, 177, 60, 0)
openssh-server-udeb
openssh-sftp-server (1 bugs: 0, 1, 0, 0)
openssh-tests
ssh (132 bugs: 0, 69, 63, 0)
ssh-askpass-gnome (2 bugs: 0, 2, 0, 0)

action needed

49 bugs tagged patch in the BTS normal

The BTS contains patches fixing 49 bugs (67 if counting merged bugs), consider including or untagging them.

Created: 2022-07-27 Last update: 2022-12-03 11:02

Depends on packages which need a new maintainer normal

The packages that openssh depends on which need a new maintainer are:

ssh-askpass (#993155)
- Suggests: ssh-askpass ssh-askpass

Created: 2019-11-22 Last update: 2022-12-03 10:03

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1:9.1p1-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit f1b82547e654ea81ab2f0cd40d7d98a3a30a7ef7
Author: Colin Watson <cjwatson@debian.org>
Date:   Tue Nov 15 15:03:14 2022 +0000

    Add changelog entry

commit 02a7b703c69f875874c34db3ebc43396312ec486
Merge: 9ac317d87 987f81c3c
Author: Colin Watson <cjwatson@debian.org>
Date:   Tue Nov 15 15:02:35 2022 +0000

    Merge branch 'selinux' into 'master'
    
    Do not copy security context in postinst
    
    See merge request ssh-team/openssh!19

commit 987f81c3cdcaf5bf13c01e965ab4628df2185a70
Author: Christian Göttsche <cgzones@googlemail.com>
Date:   Tue Nov 15 15:31:11 2022 +0100

    Do not copy security context in postinst
    
    Do not copy the SELinux context of the example configuration file in
    the postinst script of openssh-server, cause the source context might
    not be valid at the destination, e.g. if /tmp is mounted on a tmpfs:
    
        type=PROCTITLE msg=audit(11/15/22 15:02:37.425:138) : proctitle=cp -a /usr/share/openssh/sshd_config /tmp/tmp.ElPamcNGQn
        type=PATH msg=audit(11/15/22 15:02:37.425:138) : item=0 name=/tmp/tmp.ElPamcNGQn inode=271 dev=00:26 mode=file,600 ouid=root ogid=root rdev=00:00 obj=root:object_r:dpkg_script_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
        type=CWD msg=audit(11/15/22 15:02:37.425:138) : cwd=/
        type=SYSCALL msg=audit(11/15/22 15:02:37.425:138) : arch=x86_64 syscall=lsetxattr success=no exit=EACCES(Permission denied) a0=0x7ffca403b605 a1=0x7f5a8198079d a2=0x5559c429dcc0 a3=0x1b items=1 ppid=6632 pid=6634 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts6 ses=4 comm=cp exe=/usr/bin/cp subj=root:sysadm_r:dpkg_script_t:s0-s0:c0.c1023 key=(null)
        type=AVC msg=audit(11/15/22 15:02:37.425:138) : avc:  denied  { associate } for  pid=6634 comm=cp name=tmp.ElPamcNGQn dev="tmpfs" ino=271 scontext=system_u:object_r:usr_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=0
    
    Use the default context for the target instead.
    
    Also create /etc/ssh with the default SELinux context.

Created: 2022-11-15 Last update: 2022-11-29 09:42

lintian reports 8 warnings normal

Lintian reports 8 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2022-11-15 Last update: 2022-11-15 06:38

1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:

CVE-2021-41617: (needs triaging) sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

You can find information about how to handle this issue in the security team's documentation.

Created: 2022-07-04 Last update: 2022-11-18 10:11

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.1.0).

Created: 2017-06-25 Last update: 2022-11-14 23:38

news

[rss feed]

[2022-11-19] openssh 1:9.1p1-1 MIGRATED to testing (Debian testing watch)
[2022-11-14] Accepted openssh 1:9.1p1-1 (source) into unstable (Colin Watson)
[2022-07-02] Accepted openssh 1:8.4p1-5+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Colin Watson)
[2022-04-11] openssh 1:9.0p1-1 MIGRATED to testing (Debian testing watch)
[2022-04-09] Accepted openssh 1:9.0p1-1 (source) into unstable (Colin Watson)
[2022-03-15] openssh 1:8.9p1-3 MIGRATED to testing (Debian testing watch)
[2022-02-25] Accepted openssh 1:8.9p1-3 (source) into unstable (Colin Watson)
[2022-02-24] Accepted openssh 1:8.9p1-2 (source) into unstable (Colin Watson)
[2022-02-24] Accepted openssh 1:8.9p1-1 (source) into unstable (Colin Watson)
[2022-02-18] openssh 1:8.8p1-1 MIGRATED to testing (Debian testing watch)
[2022-02-15] Accepted openssh 1:8.8p1-1 (source) into unstable (Colin Watson)
[2021-12-31] openssh 1:8.7p1-4 MIGRATED to testing (Debian testing watch)
[2021-12-29] Accepted openssh 1:8.7p1-4 (source) into unstable (Colin Watson)
[2021-12-29] Accepted openssh 1:8.7p1-3 (source) into unstable (Colin Watson)
[2021-11-16] openssh 1:8.7p1-2 MIGRATED to testing (Debian testing watch)
[2021-11-13] Accepted openssh 1:8.7p1-2 (source) into unstable (Colin Watson)
[2021-11-08] openssh 1:8.7p1-1 MIGRATED to testing (Debian testing watch)
[2021-11-06] Accepted openssh 1:8.7p1-1 (source) into unstable (Colin Watson)
[2021-09-06] openssh 1:8.4p1-6 MIGRATED to testing (Debian testing watch)
[2021-08-19] Accepted openssh 1:8.4p1-6 (source) into unstable (Colin Watson)
[2021-03-18] openssh 1:8.4p1-5 MIGRATED to testing (Debian testing watch)
[2021-03-13] Accepted openssh 1:8.4p1-5 (source) into unstable (Colin Watson)
[2021-02-25] openssh 1:8.4p1-4 MIGRATED to testing (Debian testing watch)
[2021-02-15] Accepted openssh 1:8.4p1-4 (source) into unstable (Colin Watson)
[2020-12-06] openssh 1:8.4p1-3 MIGRATED to testing (Debian testing watch)
[2020-12-02] Accepted openssh 1:8.4p1-3 (source) into unstable (Colin Watson)
[2020-11-25] Accepted openssh 1:8.4p1-2~bpo10+1 (source amd64 all) into buster-backports, buster-backports (Debian FTP Masters) (signed by: Mike Gabriel)
[2020-11-19] openssh 1:8.4p1-2 MIGRATED to testing (Debian testing watch)
[2020-10-26] Accepted openssh 1:8.4p1-2 (source) into unstable (Colin Watson)
[2020-10-20] Accepted openssh 1:8.4p1-1 (source) into unstable (Colin Watson)

bugs [bug history graph]

all: 638 683
RC: 0
I&N: 404 422
M&W: 233 260
F&P: 1
patch: 49 67

links

homepage
lintian (0, 8)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
l10n (100, -)
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:9.0p1-1ubuntu8
138 bugs (7 patches)
patches for 1:9.0p1-1ubuntu8