
Bug#948695: buster-pu: package openssh/1:7.9p1-10+deb10u2



Hi Colin,

On Sun, Jan 12, 2020 at 12:24:14AM +0000, Colin Watson wrote:
> Package: release.debian.org
> Severity: normal
> Tags: buster
> User: release.debian.org@packages.debian.org
> Usertags: pu
> 
> https://bugs.debian.org/946242 reports an OpenSSH regression on old
> kernels on certain architectures (e.g. i386) prompted by the interaction
> between an OpenSSL update and a seccomp filter.  It's essentially the
> same as https://bugs.debian.org/941663, but at the time we didn't notice
> that the exact set of syscalls involved varies between architectures due
> to details of how the shm* library functions are implemented in glibc.
> I've attached the diff and would like approval to upload it.
> 
> In https://bugs.debian.org/941810 we decided that it was best to issue
> this via buster-security; I think that would be the correct thing to do
> here as well, so I've CCed team@security.  However, I'm filing this as a
> stable update request just in case there's disagreement about that for
> some reason.

I would actually say or propose to do it via the next point release.
Back when we decided there was the introduction just introduced due to
the openssl update. But now we have even a scheduled date for the next
point release, and the problem affects a very specific use case on some
architectures.

Please let me know if you disagree on this approach!

Regards,
Salvatore

