Add openssh to dla-needed

author: Utkarsh Gupta <utkarsh@debian.org> 2021-10-04 05:22:38 +0530
committer: Utkarsh Gupta <utkarsh@debian.org> 2021-10-04 05:22:38 +0530
commit: 50f1016a7a8cd1a5268d9687ef44dd053edeaadb (patch)
tree: b9d14f44c71b1235941c0b88477d1a857dd61abe /data/dla-needed.txt
parent: 1015bb330ecd3dc0d83d4202092ad14b7068965d (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 976ddd6b12..94de416fe7 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -64,6 +64,13 @@ nvidia-graphics-drivers
   NOTE: package is in non-free but also in packages-to-support
   NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in Stretch, no fix available for CVE-2021-1077
 --
+openssh (Utkarsh)
+  NOTE: 20211003: a backporting error for CVE-2018-15473 was reported in
+  NOTE: 20211003: Ubuntu (and can see the same code differences here);
+  NOTE: 20211003: check if that needs to be fixed; talking to -security.
+  NOTE: 20211003: also CVE-2021-41617 is new; might be a good idea to
+  NOTE: 20211003: club both these together. (utkarsh)
+--
 python-babel
   NOTE: 20210617: CVE-2021-20095 withdrawn, cf. 251b6e33 and #987824 (abhijith)
   NOTE: 20210620: http://people.debian.org/~abhijith/backport_of_3a700b5.patch (abhijith)
author	Utkarsh Gupta <utkarsh@debian.org>	2021-10-04 05:22:38 +0530
committer	Utkarsh Gupta <utkarsh@debian.org>	2021-10-04 05:22:38 +0530
commit	50f1016a7a8cd1a5268d9687ef44dd053edeaadb (patch)
tree	b9d14f44c71b1235941c0b88477d1a857dd61abe /data/dla-needed.txt
parent	1015bb330ecd3dc0d83d4202092ad14b7068965d (diff)