There are 2 open security issues in bullseye.
2 issues left for the package maintainer to handle:
- CVE-2021-44512:
(needs triaging)
World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory.
- CVE-2021-44513:
(needs triaging)
Insecure creation of temporary directories in tmate-ssh-server 2.3.0 allows a local attacker to compromise the integrity of session handling.
You can find information about how to handle these issues in the security team's documentation.