sslh - Debian Package Tracker

general

source: sslh (main)
version: 2.1.4-1
maintainer: Don Armstrong (DMD) (LowNMU)
arch: any
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.18-1
oldstable: 1.20-1
stable: 1.20-1
testing: 2.1.4-1
unstable: 2.1.4-1

versioned links

1.18-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.20-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

sslh (6 bugs: 0, 5, 1, 0)

action needed

A new upstream version is available: 2.2.4 high

A new upstream version 2.2.4 is available, you should consider packaging it.

Created: 2025-04-08 Last update: 2025-06-29 09:03

3 security issues in trixie high

There are 3 open security issues in trixie.

3 important issues:

CVE-2025-46806: A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures.This issue affects sslh before 2.2.4.
CVE-2025-46807: A Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny legitimate users service.This issue affects sslh before 2.2.4.
CVE-2025-52936: Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh.This issue affects sslh: before 2.2.2.

Created: 2025-06-02 Last update: 2025-06-24 23:30

3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:

CVE-2025-46806: A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures.This issue affects sslh before 2.2.4.
CVE-2025-46807: A Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny legitimate users service.This issue affects sslh before 2.2.4.
CVE-2025-52936: Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh.This issue affects sslh: before 2.2.2.

Created: 2025-06-02 Last update: 2025-06-24 23:30

2 security issues in bullseye high

There are 2 open security issues in bullseye.

2 important issues:

CVE-2025-46807: A Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny legitimate users service.This issue affects sslh before 2.2.4.
CVE-2025-52936: Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh.This issue affects sslh: before 2.2.2.

Created: 2025-06-02 Last update: 2025-06-24 23:30

2 security issues in bookworm high

There are 2 open security issues in bookworm.

2 important issues:

CVE-2025-46807: A Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny legitimate users service.This issue affects sslh before 2.2.4.
CVE-2025-52936: Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh.This issue affects sslh: before 2.2.2.

Created: 2025-06-02 Last update: 2025-06-24 23:30

debian/patches: 1 patch with invalid metadata, 4 patches to forward upstream high

Among the 6 debian patches available in version 2.1.4-1 of the package, we noticed the following issues:

1 patch with invalid metadata that ought to be fixed.
4 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-01-06 14:30

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2025-01-06 Last update: 2025-06-29 10:32

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2025-01-14 Last update: 2025-06-29 07:00

3 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 8856c830c1aed288084a121617fb00fbb2d002ac
Author: Sergey Ponomarev <stokito@gmail.com>
Date:   Thu Apr 4 13:19:11 2024 +0300

    sslh.service: use SystemD to set a user instead of option --user sslh

commit 4a28d923c2e004ce695923ceeee0eaa0ad2af31d
Author: Sergey Ponomarev <stokito@gmail.com>
Date:   Mon Dec 18 22:41:44 2023 +0200

    /etc/default/sslh: use --tls instead of the deprecated --ssl
    
    Signed-off-by: Sergey Ponomarev <stokito@gmail.com>

commit 80e3fef0bb43240f5dfab3316824c0d38fb893be
Author: Gioele Barabucci <gioele@svario.it>
Date:   Sat Feb 15 09:40:34 2025 +0100

    d/control: Remove outdated debconf version constraint
    
    debconf 0.5 is older than Debian 3.0 "woody" (released in 2002),
    thus this version constraint is not really useful.
    
    An appropriate dependency (compatible with `cdebconf`) will be added
    by `dh_installdebconf`.
    
    Closes: #1096122

Created: 2025-02-17 Last update: 2025-06-28 15:02

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.4.0).

Created: 2019-09-29 Last update: 2025-02-27 13:25

news

[rss feed]

[2025-01-15] sslh 2.1.4-1 MIGRATED to testing (Debian testing watch)
[2025-01-06] Accepted sslh 2.1.4-1 (source) into unstable (Don Armstrong)
[2024-11-12] sslh REMOVED from testing (Debian testing watch)
[2024-10-24] sslh 2.1.1-2 MIGRATED to testing (Debian testing watch)
[2024-09-26] Accepted sslh 2.1.1-2 (source) into unstable (Don Armstrong)
[2024-05-21] sslh REMOVED from testing (Debian testing watch)
[2024-05-21] sslh REMOVED from testing (Debian testing watch)
[2024-04-26] Accepted sslh 2.1.1-1 (source) into unstable (Don Armstrong)
[2023-08-23] sslh 1.22c-1 MIGRATED to testing (Debian testing watch)
[2023-08-18] Accepted sslh 1.22c-1 (source amd64) into unstable (Don Armstrong)
[2023-08-15] Accepted sslh 1.20-1.1 (source) into unstable (Bastian Germann) (signed by: bage@debian.org)
[2023-07-17] sslh REMOVED from testing (Debian testing watch)
[2020-02-11] Accepted sslh 1.20-1~bpo10+1 (source amd64) into buster-backports, buster-backports (Mike Gabriel)
[2020-02-11] Accepted sslh 1.20-1~bpo9+1 (source amd64) into stretch-backports-sloppy->backports-policy, stretch-backports-sloppy (Mike Gabriel)
[2019-09-26] sslh 1.20-1 MIGRATED to testing (Debian testing watch)
[2019-09-21] Accepted sslh 1.20-1 (source) into unstable (Don Armstrong)
[2016-05-23] sslh 1.18-1 MIGRATED to testing (Debian testing watch)
[2016-05-17] Accepted sslh 1.18-1 (source amd64) into unstable (Guillaume Delacour) (signed by: Ana Beatriz Guerrero López)
[2015-07-29] sslh 1.17-2 MIGRATED to testing (Britney)
[2015-07-23] Accepted sslh 1.17-2 (source amd64) into unstable (Guillaume Delacour) (signed by: Ana Beatriz Guerrero López)
[2015-05-31] Accepted sslh 1.17-1 (source amd64) into unstable (Guillaume Delacour) (signed by: Ana Beatriz Guerrero López)
[2014-09-09] sslh 1.16-2 MIGRATED to testing (Britney)
[2014-09-03] Accepted sslh 1.16-2 (source amd64) into unstable (Guillaume Delacour) (signed by: Ana Beatriz Guerrero López)
[2014-08-16] Accepted sslh 1.16-1 (source amd64) into unstable (Guillaume Delacour) (signed by: Ana Beatriz Guerrero López)
[2014-02-12] sslh 1.15-1 MIGRATED to testing (Debian testing watch)
[2014-02-05] Accepted sslh 1.15-1 (source amd64) (Guillaume Delacour) (signed by: Ana Beatriz Guerrero López)
[2012-09-06] sslh 1.13b-3.2 MIGRATED to testing (Debian testing watch)
[2012-08-26] Accepted sslh 1.13b-3.2 (source amd64) (David Prévot)
[2012-08-25] Accepted sslh 1.13b-3.1 (source amd64) (David Prévot)
[2012-07-29] sslh 1.13b-3 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 11
RC: 0
I&N: 9
M&W: 1
F&P: 1
patch: 1

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (100, -)
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.1.4-1build1
5 bugs