Debian Package Tracker

Debci reports failed tests high

unstable: pass (log)
The tests ran in 0:20:21
Last run: 2020-02-24 02:46:39 UTC
Previous status: pass

testing: pass (log)
The tests ran in 0:19:57
Last run: 2020-02-18 18:36:54 UTC
Previous status: pass

stable: fail (log)
The tests ran in 0:08:06
Last run: 2020-01-31 16:37:21 UTC
Previous status:

Created: 2020-01-31 Last update: 2020-02-28 00:36

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Please fix it.

Created: 2019-07-07 Last update: 2020-02-26 17:30

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Please fix it.

Created: 2018-08-28 Last update: 2020-02-26 17:30

46 bugs tagged patch in the BTS normal

The BTS contains patches fixing 46 bugs (64 if counting merged bugs), consider including or untagging them.

Created: 2020-02-26 Last update: 2020-02-28 00:31

Depends on packages which need a new maintainer normal

The packages that openssh depends on which need a new maintainer are:

Created: 2019-11-22 Last update: 2020-02-27 22:45

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Please fix it.

Created: 2018-08-28 Last update: 2020-02-26 17:30

2 ignored security issues in jessie low

There are 2 open security issues in jessie.

2 issues skipped by the security teams:

CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'
CVE-2016-8858: ** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."

Please fix them.

Created: 2015-07-12 Last update: 2020-02-26 17:30

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Please fix it.

Created: 2018-08-28 Last update: 2020-02-26 17:30

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2017-10-26 Last update: 2018-04-03 19:52

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.1.0).

Created: 2017-06-25 Last update: 2020-02-26 20:08