Debian Package Tracker

general

source: openssh (main)
version: 1:8.1p1-1
maintainer: Debian OpenSSH Maintainers (archive) (DMD)
uploaders: Matthew Vernon [DMD] – Colin Watson [DMD]
arch: all any
std-ver: 4.1.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:6.7p1-5+deb8u4
o-o-sec: 1:6.7p1-5+deb8u8
oldstable: 1:7.4p1-10+deb9u7
old-sec: 1:7.4p1-10+deb9u6
stable: 1:7.9p1-10
stable-sec: 1:7.9p1-10+deb10u1
stable-p-u: 1:7.9p1-10+deb10u1
testing: 1:8.1p1-1
unstable: 1:8.1p1-1

versioned links

1:6.7p1-5+deb8u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:6.7p1-5+deb8u8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:7.4p1-10+deb9u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:7.4p1-10+deb9u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:7.9p1-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:7.9p1-10+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:8.1p1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

openssh-client (277 bugs: 0, 156, 121, 0)
openssh-client-udeb
openssh-server (208 bugs: 0, 153, 55, 0)
openssh-server-udeb
openssh-sftp-server (1 bugs: 0, 1, 0, 0)
openssh-tests
ssh (138 bugs: 0, 74, 64, 0)
ssh-askpass-gnome (2 bugs: 0, 2, 0, 0)

action needed

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Please fix it.

Created: 2019-07-07 Last update: 2019-10-12 05:06

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Please fix it.

Created: 2018-08-28 Last update: 2019-10-12 05:06

Depends on packages which need a new maintainer normal

The packages that openssh depends on which need a new maintainer are:

dh-exec (#851746)
- Build-Depends: dh-exec

Created: 2017-12-02 Last update: 2019-10-16 06:10

46 bugs tagged patch in the BTS normal

The BTS contains patches fixing 46 bugs (64 if counting merged bugs), consider including or untagging them.

Created: 2019-04-01 Last update: 2019-10-16 05:09

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit e50a98bda787a3b9f53ed67bdccbbac0bde1f9ae
Author: Colin Watson <cjwatson@debian.org>
Date:   Sun Oct 13 18:45:41 2019 +0100

    Update NEWS entry timestamp to match changelog

Created: 2019-10-13 Last update: 2019-10-13 20:21

lintian reports 12 warnings normal

Lintian reports 12 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-10-09 Last update: 2019-10-11 03:10

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Please fix it.

Created: 2018-08-28 Last update: 2019-10-12 05:06

2 ignored security issues in jessie low

There are 2 open security issues in jessie.

2 issues skipped by the security teams:

CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'
CVE-2016-8858: ** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."

Please fix them.

Created: 2015-07-12 Last update: 2019-10-12 05:06

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Please fix it.

Created: 2018-08-28 Last update: 2019-10-12 05:06

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2017-10-26 Last update: 2018-04-03 19:52

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.1 instead of 4.1.0).

Created: 2017-06-25 Last update: 2019-10-10 21:31

news

[rss feed]

[2019-10-12] Accepted openssh 1:7.9p1-10+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Colin Watson)
[2019-10-12] openssh 1:8.1p1-1 MIGRATED to testing (Debian testing watch)
[2019-10-10] Accepted openssh 1:8.1p1-1 (source) into unstable (Colin Watson)
[2019-10-08] openssh 1:8.0p1-7 MIGRATED to testing (Debian testing watch)
[2019-10-07] Accepted openssh 1:7.9p1-10+deb10u1 (source) into stable->embargoed, stable (Colin Watson)
[2019-10-05] Accepted openssh 1:8.0p1-7 (source) into unstable (Colin Watson)
[2019-08-30] openssh 1:8.0p1-6 MIGRATED to testing (Debian testing watch)
[2019-08-28] Accepted openssh 1:8.0p1-6 (source) into unstable (Colin Watson)
[2019-08-27] Accepted openssh 1:8.0p1-5 (source) into unstable (Colin Watson)
[2019-08-11] Accepted openssh 1:7.4p1-10+deb9u7 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Moritz Mühlenhoff)
[2019-08-05] openssh 1:8.0p1-4 MIGRATED to testing (Debian testing watch)
[2019-08-05] openssh 1:8.0p1-4 MIGRATED to testing (Debian testing watch)
[2019-08-03] Accepted openssh 1:8.0p1-4 (source) into unstable (Colin Watson)
[2019-07-13] openssh 1:8.0p1-3 MIGRATED to testing (Debian testing watch)
[2019-07-08] Accepted openssh 1:8.0p1-3 (source) into unstable (Colin Watson)
[2019-06-14] Accepted openssh 1:8.0p1-2 (source) into experimental (Colin Watson)
[2019-06-09] Accepted openssh 1:8.0p1-1 (source) into experimental (Colin Watson)
[2019-04-19] openssh 1:7.9p1-10 MIGRATED to testing (Debian testing watch)
[2019-04-08] Accepted openssh 1:7.9p1-10 (source) into unstable (Colin Watson)
[2019-03-25] Accepted openssh 1:6.7p1-5+deb8u8 (source amd64 all) into oldstable (Mike Gabriel)
[2019-03-13] openssh 1:7.9p1-9 MIGRATED to testing (Debian testing watch)
[2019-03-07] Accepted openssh 1:7.4p1-10+deb9u6 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2019-03-02] Accepted openssh 1:7.4p1-10+deb9u6 (source) into stable->embargoed, stable (Salvatore Bonaccorso)
[2019-03-01] Accepted openssh 1:7.9p1-9 (source) into unstable (Colin Watson)
[2019-02-28] Accepted openssh 1:7.9p1-8 (source) into unstable (Colin Watson)
[2019-02-26] Accepted openssh 1:7.9p1-7 (source) into unstable (Colin Watson)
[2019-02-11] openssh 1:7.9p1-6 MIGRATED to testing (Debian testing watch)
[2019-02-09] Accepted openssh 1:7.4p1-10+deb9u5 (source) into proposed-updates->stable-new, proposed-updates (Yves-Alexis Perez)
[2019-02-09] Accepted openssh 1:7.4p1-10+deb9u5 (source) into stable->embargoed, stable (Yves-Alexis Perez)
[2019-02-08] Accepted openssh 1:7.9p1-6 (source) into unstable (Colin Watson)

bugs [bug history graph]

all: 602 654
RC: 0
I&N: 372 396
M&W: 228 256
F&P: 2
patch: 46 64

links

homepage
lintian (0, 12)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:8.0p1-6build1
127 bugs (5 patches)