tmate-ssh-server - Debian Package Tracker

general

source: tmate-ssh-server (main)
version: 2.3.0-49-g97d20249-1
maintainer: Adrian Vondendriesch (DMD)
uploaders: Christoph Berg [DMD]
arch: any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 2.3.0-49-g97d20249-1
unstable: 2.3.0-49-g97d20249-1

versioned links

2.3.0-49-g97d20249-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

tmate-ssh-server (1 bugs: 0, 1, 0, 0)

action needed

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2021-44512: World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory.
CVE-2021-44513: Insecure creation of temporary directories in tmate-ssh-server 2.3.0 allows a local attacker to compromise the integrity of session handling.

Created: 2021-12-06 Last update: 2022-02-08 00:36

2 security issues in bookworm high

There are 2 open security issues in bookworm.

2 important issues:

CVE-2021-44512: World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory.
CVE-2021-44513: Insecure creation of temporary directories in tmate-ssh-server 2.3.0 allows a local attacker to compromise the integrity of session handling.

Created: 2021-12-06 Last update: 2021-12-08 06:30

lintian reports 2 warnings high

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-09-06 Last update: 2021-10-13 21:35

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2022-01-05 Last update: 2022-05-26 03:36

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 2.3.0-49-g97d20249-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 56578eef80e5e1d89ac2b3db99160e6705d81b24
Merge: d5567ee 92a021c
Author: Christoph Berg <myon@debian.org>
Date:   Mon Apr 4 13:56:52 2022 +0000

    Merge branch 'lintian-fixes' into 'master'
    
    Fix some issues reported by lintian
    
    See merge request debian/tmate-ssh-server!1

commit 92a021c07ffeebc87aa3ee366750369330617325
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Tue Sep 7 06:06:03 2021 +0000

    Avoid explicitly specifying -Wl,--as-needed linker flag.
    
    Changes-By: lintian-brush
    Fixes: lintian: debian-rules-uses-as-needed-linker-flag
    See-also: https://lintian.debian.org/tags/debian-rules-uses-as-needed-linker-flag.html

commit 52d07a694837cc10828b17026c226ed29ac3dc61
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Tue Sep 7 06:06:02 2021 +0000

    Update standards version to 4.5.1, no changes needed.
    
    Changes-By: lintian-brush
    Fixes: lintian: out-of-date-standards-version
    See-also: https://lintian.debian.org/tags/out-of-date-standards-version.html

commit 34e878c420e860a064b6fc5a0f581aab125b88b7
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Tue Sep 7 06:06:00 2021 +0000

    Set upstream metadata fields: Bug-Database, Bug-Submit.
    
    Changes-By: lintian-brush
    Fixes: lintian: upstream-metadata-file-is-missing
    See-also: https://lintian.debian.org/tags/upstream-metadata-file-is-missing.html
    Fixes: lintian: upstream-metadata-missing-bug-tracking
    See-also: https://lintian.debian.org/tags/upstream-metadata-missing-bug-tracking.html

commit a4ea2aac8206f91887fbb72ce693bf879e6d5c24
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Tue Sep 7 06:05:55 2021 +0000

    Bump debhelper from old 12 to 13.
    
    Changes-By: lintian-brush
    Fixes: lintian: package-uses-old-debhelper-compat-version
    See-also: https://lintian.debian.org/tags/package-uses-old-debhelper-compat-version.html

commit ebb1881e6bebf2578312325b674373f1d9b571cb
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Tue Sep 7 06:05:54 2021 +0000

    Use secure copyright file specification URI.
    
    Changes-By: lintian-brush
    Fixes: lintian: insecure-copyright-format-uri
    See-also: https://lintian.debian.org/tags/insecure-copyright-format-uri.html

Created: 2022-04-04 Last update: 2022-05-25 05:45

2 low-priority security issues in bullseye low

There are 2 open security issues in bullseye.

2 issues left for the package maintainer to handle:

CVE-2021-44512: (needs triaging) World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory.
CVE-2021-44513: (needs triaging) Insecure creation of temporary directories in tmate-ssh-server 2.3.0 allows a local attacker to compromise the integrity of session handling.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-12-06 Last update: 2022-02-08 00:36

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.5.0).

Created: 2020-11-17 Last update: 2022-05-11 23:24

testing migrations

excuses:
- Migration status for tmate-ssh-server (- to 2.3.0-49-g97d20249-1): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Updating tmate-ssh-server would introduce bugs in testing: #1001225
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/t/tmate-ssh-server.html
- ∙ ∙ 584 days old (needed 5 days)
- Not considered

news

[rss feed]

[2022-01-06] tmate-ssh-server REMOVED from testing (Debian testing watch)
[2020-10-24] tmate-ssh-server 2.3.0-49-g97d20249-1 MIGRATED to testing (Debian testing watch)
[2020-10-18] Accepted tmate-ssh-server 2.3.0-49-g97d20249-1 (source amd64) into unstable, unstable (Debian FTP Masters) (signed by: Christoph Berg)

bugs [bug history graph]

all: 2
RC: 1
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 2)
buildd: logs, clang, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.3.0-49-g97d20249-1