Debian Package Tracker
Register | Log in
Subscribe

tmate-ssh-server

terminal multiplexer with instant terminal sharing -- server

Choose email to subscribe with

general
  • source: tmate-ssh-server (main)
  • version: 2.3.0-49-g97d20249-1
  • maintainer: Adrian Vondendriesch (DMD)
  • uploaders: Christoph Berg [DMD]
  • arch: any
  • std-ver: 4.5.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • stable: 2.3.0-49-g97d20249-1
  • unstable: 2.3.0-49-g97d20249-1
versioned links
  • 2.3.0-49-g97d20249-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • tmate-ssh-server (1 bugs: 0, 1, 0, 0)
action needed
2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:
  • CVE-2021-44512: World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory.
  • CVE-2021-44513: Insecure creation of temporary directories in tmate-ssh-server 2.3.0 allows a local attacker to compromise the integrity of session handling.
Created: 2021-12-06 Last update: 2022-02-08 00:36
2 security issues in bookworm high

There are 2 open security issues in bookworm.

2 important issues:
  • CVE-2021-44512: World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory.
  • CVE-2021-44513: Insecure creation of temporary directories in tmate-ssh-server 2.3.0 allows a local attacker to compromise the integrity of session handling.
Created: 2021-12-06 Last update: 2021-12-08 06:30
lintian reports 2 warnings high
Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2021-09-06 Last update: 2021-10-13 21:35
The package has not entered testing even though the delay is over normal
The package has not entered testing even though the 5-day delay is over. Check why.
Created: 2022-01-05 Last update: 2022-05-26 03:36
version in VCS is newer than in repository, is it time to upload? normal
vcswatch reports that this package seems to have a new changelog entry (version 2.3.0-49-g97d20249-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:
commit 56578eef80e5e1d89ac2b3db99160e6705d81b24
Merge: d5567ee 92a021c
Author: Christoph Berg <myon@debian.org>
Date:   Mon Apr 4 13:56:52 2022 +0000

    Merge branch 'lintian-fixes' into 'master'
    
    Fix some issues reported by lintian
    
    See merge request debian/tmate-ssh-server!1

commit 92a021c07ffeebc87aa3ee366750369330617325
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Tue Sep 7 06:06:03 2021 +0000

    Avoid explicitly specifying -Wl,--as-needed linker flag.
    
    Changes-By: lintian-brush
    Fixes: lintian: debian-rules-uses-as-needed-linker-flag
    See-also: https://lintian.debian.org/tags/debian-rules-uses-as-needed-linker-flag.html

commit 52d07a694837cc10828b17026c226ed29ac3dc61
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Tue Sep 7 06:06:02 2021 +0000

    Update standards version to 4.5.1, no changes needed.
    
    Changes-By: lintian-brush
    Fixes: lintian: out-of-date-standards-version
    See-also: https://lintian.debian.org/tags/out-of-date-standards-version.html

commit 34e878c420e860a064b6fc5a0f581aab125b88b7
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Tue Sep 7 06:06:00 2021 +0000

    Set upstream metadata fields: Bug-Database, Bug-Submit.
    
    Changes-By: lintian-brush
    Fixes: lintian: upstream-metadata-file-is-missing
    See-also: https://lintian.debian.org/tags/upstream-metadata-file-is-missing.html
    Fixes: lintian: upstream-metadata-missing-bug-tracking
    See-also: https://lintian.debian.org/tags/upstream-metadata-missing-bug-tracking.html

commit a4ea2aac8206f91887fbb72ce693bf879e6d5c24
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Tue Sep 7 06:05:55 2021 +0000

    Bump debhelper from old 12 to 13.
    
    Changes-By: lintian-brush
    Fixes: lintian: package-uses-old-debhelper-compat-version
    See-also: https://lintian.debian.org/tags/package-uses-old-debhelper-compat-version.html

commit ebb1881e6bebf2578312325b674373f1d9b571cb
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Tue Sep 7 06:05:54 2021 +0000

    Use secure copyright file specification URI.
    
    Changes-By: lintian-brush
    Fixes: lintian: insecure-copyright-format-uri
    See-also: https://lintian.debian.org/tags/insecure-copyright-format-uri.html
Created: 2022-04-04 Last update: 2022-05-25 05:45
2 low-priority security issues in bullseye low

There are 2 open security issues in bullseye.

2 issues left for the package maintainer to handle:
  • CVE-2021-44512: (needs triaging) World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory.
  • CVE-2021-44513: (needs triaging) Insecure creation of temporary directories in tmate-ssh-server 2.3.0 allows a local attacker to compromise the integrity of session handling.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-12-06 Last update: 2022-02-08 00:36
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.5.0).
Created: 2020-11-17 Last update: 2022-05-11 23:24
testing migrations
  • excuses:
    • Migration status for tmate-ssh-server (- to 2.3.0-49-g97d20249-1): BLOCKED: Rejected/violates migration policy/introduces a regression
    • Issues preventing migration:
    • ∙ ∙ Updating tmate-ssh-server would introduce bugs in testing: #1001225
    • Additional info:
    • ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/t/tmate-ssh-server.html
    • ∙ ∙ 584 days old (needed 5 days)
    • Not considered
news
[rss feed]
  • [2022-01-06] tmate-ssh-server REMOVED from testing (Debian testing watch)
  • [2020-10-24] tmate-ssh-server 2.3.0-49-g97d20249-1 MIGRATED to testing (Debian testing watch)
  • [2020-10-18] Accepted tmate-ssh-server 2.3.0-49-g97d20249-1 (source amd64) into unstable, unstable (Debian FTP Masters) (signed by: Christoph Berg)
bugs [bug history graph]
  • all: 2
  • RC: 1
  • I&N: 1
  • M&W: 0
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (0, 2)
  • buildd: logs, clang, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 2.3.0-49-g97d20249-1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing