Debian Package Tracker

general

source: openssh (main)
version: 1:8.0p1-4
maintainer: Debian OpenSSH Maintainers (archive) (DMD)
uploaders: Matthew Vernon [DMD] – Colin Watson [DMD]
arch: all any
std-ver: 4.1.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:6.7p1-5+deb8u4
o-o-sec: 1:6.7p1-5+deb8u8
oldstable: 1:7.4p1-10+deb9u6
old-sec: 1:7.4p1-10+deb9u6
old-p-u: 1:7.4p1-10+deb9u7
stable: 1:7.9p1-10
testing: 1:8.0p1-4
unstable: 1:8.0p1-4

versioned links

1:6.7p1-5+deb8u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:6.7p1-5+deb8u8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:7.4p1-10+deb9u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:7.4p1-10+deb9u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:7.9p1-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:8.0p1-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

openssh-client (277 bugs: 0, 156, 121, 0)
openssh-client-udeb
openssh-server (207 bugs: 0, 152, 55, 0)
openssh-server-udeb
openssh-sftp-server (1 bugs: 0, 1, 0, 0)
openssh-tests
ssh (138 bugs: 0, 74, 64, 0)
ssh-askpass-gnome (2 bugs: 0, 2, 0, 0)

action needed

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Please fix it.

Created: 2019-07-07 Last update: 2019-08-05 08:30

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Please fix it.

Created: 2018-08-28 Last update: 2019-08-05 08:30

46 bugs tagged patch in the BTS normal

The BTS contains patches fixing 46 bugs (64 if counting merged bugs), consider including or untagging them.

Created: 2019-04-01 Last update: 2019-08-19 15:47

Depends on packages which need a new maintainer normal

The packages that openssh depends on which need a new maintainer are:

dh-exec (#851746)
- Build-Depends: dh-exec

Created: 2017-12-02 Last update: 2019-08-19 14:02

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1:8.0p1-5, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit f5e0907876b1168f8d77fb4a8b96fc62965dd6f4
Author: Colin Watson <cjwatson@debian.org>
Date:   Tue Aug 13 10:44:32 2019 +0100

    Add a runscript for runit
    
    Changelog entry for Lorenzo Puliti's recently-merged commit.
    
    Closes: #933999

commit 54568d642443c196b9eec75f0d719f117907175f
Author: Colin Watson <cjwatson@debian.org>
Date:   Tue Aug 13 10:39:06 2019 +0100

    Consistent whitespace

commit 30465dd0efdf99fa32bc7f829c403f474e1f6bc3
Merge: e5fc1684 b48697c6
Author: Colin Watson <cjwatson@debian.org>
Date:   Tue Aug 13 09:35:04 2019 +0000

    Merge branch 'runit' into 'master'
    
    Please add a runscript for runit
    
    See merge request ssh-team/openssh!7

commit b48697c64a0ac57eed494104f4c82d61f5b6fc89
Author: Lorenzo Puliti <lorenzo.ru.g@gmail.com>
Date:   Mon Aug 5 20:24:41 2019 +0200

    Add a runscript for runit
    
    Add a 'run' and a 'finish' script for runit init system;
    rely on dh-runit for maintscript code.

Created: 2019-08-13 Last update: 2019-08-17 15:37

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Please fix it.

Created: 2018-08-28 Last update: 2019-08-05 08:30

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Please fix it.

Created: 2018-08-28 Last update: 2019-08-05 08:30

2 ignored security issues in jessie low

There are 2 open security issues in jessie.

2 issues skipped by the security teams:

CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'
CVE-2016-8858: ** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."

Please fix them.

Created: 2015-07-12 Last update: 2019-08-05 08:30

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2017-10-26 Last update: 2018-04-03 19:52

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 4.1.0).

Created: 2017-06-25 Last update: 2019-08-03 20:54

news

[rss feed]

[2019-08-11] Accepted openssh 1:7.4p1-10+deb9u7 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Moritz Mühlenhoff)
[2019-08-05] openssh 1:8.0p1-4 MIGRATED to testing (Debian testing watch)
[2019-08-05] openssh 1:8.0p1-4 MIGRATED to testing (Debian testing watch)
[2019-08-03] Accepted openssh 1:8.0p1-4 (source) into unstable (Colin Watson)
[2019-07-13] openssh 1:8.0p1-3 MIGRATED to testing (Debian testing watch)
[2019-07-08] Accepted openssh 1:8.0p1-3 (source) into unstable (Colin Watson)
[2019-06-14] Accepted openssh 1:8.0p1-2 (source) into experimental (Colin Watson)
[2019-06-09] Accepted openssh 1:8.0p1-1 (source) into experimental (Colin Watson)
[2019-04-19] openssh 1:7.9p1-10 MIGRATED to testing (Debian testing watch)
[2019-04-08] Accepted openssh 1:7.9p1-10 (source) into unstable (Colin Watson)
[2019-03-25] Accepted openssh 1:6.7p1-5+deb8u8 (source amd64 all) into oldstable (Mike Gabriel)
[2019-03-13] openssh 1:7.9p1-9 MIGRATED to testing (Debian testing watch)
[2019-03-07] Accepted openssh 1:7.4p1-10+deb9u6 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2019-03-02] Accepted openssh 1:7.4p1-10+deb9u6 (source) into stable->embargoed, stable (Salvatore Bonaccorso)
[2019-03-01] Accepted openssh 1:7.9p1-9 (source) into unstable (Colin Watson)
[2019-02-28] Accepted openssh 1:7.9p1-8 (source) into unstable (Colin Watson)
[2019-02-26] Accepted openssh 1:7.9p1-7 (source) into unstable (Colin Watson)
[2019-02-11] openssh 1:7.9p1-6 MIGRATED to testing (Debian testing watch)
[2019-02-09] Accepted openssh 1:7.4p1-10+deb9u5 (source) into proposed-updates->stable-new, proposed-updates (Yves-Alexis Perez)
[2019-02-09] Accepted openssh 1:7.4p1-10+deb9u5 (source) into stable->embargoed, stable (Yves-Alexis Perez)
[2019-02-08] Accepted openssh 1:7.9p1-6 (source) into unstable (Colin Watson)
[2019-01-15] openssh 1:7.9p1-5 MIGRATED to testing (Debian testing watch)
[2019-01-13] Accepted openssh 1:7.9p1-5 (source) into unstable (Colin Watson)
[2018-11-19] openssh 1:7.9p1-4 MIGRATED to testing (Debian testing watch)
[2018-11-16] Accepted openssh 1:7.9p1-4 (source) into unstable (Colin Watson)
[2018-11-16] Accepted openssh 1:7.9p1-3 (all amd64 source) into unstable, unstable (Colin Watson)
[2018-10-28] openssh 1:7.9p1-1 MIGRATED to testing (Debian testing watch)
[2018-10-21] Accepted openssh 1:7.9p1-1 (source) into unstable (Colin Watson)
[2018-09-12] Accepted openssh 1:6.7p1-5+deb8u7 (source amd64 all) into oldstable (Santiago Ruano Rincón)
[2018-09-10] Accepted openssh 1:6.7p1-5+deb8u6 (source amd64 all) into oldstable (Santiago Ruano Rincón)

bugs [bug history graph]

all: 602 654
RC: 0
I&N: 371 395
M&W: 228 256
F&P: 3
patch: 46 64

links

homepage
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:8.0p1-4
129 bugs (5 patches)