Debian Package Tracker

Debci reports failed tests high

unstable: pass (log)
The tests ran in 0:20:24
Last run: 2020-05-14 07:31:19 UTC
Previous status: pass

testing: pass (log)
The tests ran in 0:20:11
Last run: 2020-10-26 20:58:01 UTC
Previous status: pass

stable: fail (log)
The tests ran in 0:07:49
Last run: 2020-09-20 21:05:09 UTC
Previous status: fail

Created: 2020-01-31 Last update: 2020-10-31 08:38

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Please fix it.

Created: 2018-08-28 Last update: 2020-10-26 22:30

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Please fix it.

Created: 2019-07-07 Last update: 2020-10-26 22:30

48 bugs tagged patch in the BTS normal

The BTS contains patches fixing 48 bugs (66 if counting merged bugs), consider including or untagging them.

Created: 2020-10-19 Last update: 2020-10-31 08:32

Depends on packages which need a new maintainer normal

The packages that openssh depends on which need a new maintainer are:

Created: 2019-11-22 Last update: 2020-10-31 07:06

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Please fix it.

Created: 2018-08-28 Last update: 2020-10-26 22:30

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Please fix it.

Created: 2018-08-28 Last update: 2020-10-26 22:30

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2017-10-26 Last update: 2018-04-03 19:52

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.1.0).

Created: 2017-06-25 Last update: 2020-10-27 01:07