
Bug#941810: buster-pu: package openssh/1:7.9p1-10



Hi Colin,

On Sun, Oct 06, 2019 at 09:32:26PM +0200, Salvatore Bonaccorso wrote:
> Hi Colin,
> 
> On Sun, Oct 06, 2019 at 08:03:19PM +0100, Colin Watson wrote:
> > On Sun, Oct 06, 2019 at 04:22:23PM +0200, Salvatore Bonaccorso wrote:
> > > On Sat, Oct 05, 2019 at 10:39:29PM +0100, Colin Watson wrote:
> > > > https://bugs.debian.org/941663 reports an OpenSSH regression on old
> > > > kernels prompted by the interaction between an OpenSSL update and a
> > > > seccomp filter; https://bugs.debian.org/941665 and
> > > > https://github.com/openssh/openssh-portable/pull/149 have more details.
> > > > The patch is an easy one to cherry-pick, and I've attached the resulting
> > > > diff.  I'd like approval to upload it.
> > > > 
> > > > I'm not sure where's best to upload this to.  Although I've filed this
> > > > as a stable update request, there's an argument that perhaps it should
> > > > be issued through the same channels as the OpenSSL update
> > > > (stable-security and then copied to stable-proposed-updates, according
> > > > to https://tracker.debian.org/pkg/openssl), so I've CCed team@security.
> > > > Any advice?
> > > 
> > > Okay let's be on the safe side and update openssh for this functional
> > > regression via buster-security.
> > > 
> > > Can you adjust the changelog accordingly and upload to
> > > security-master? (Make sure to build with -sa, and to not include a
> > > _{arch}.buildinfo file in case you perform a source only upload).
> > 
> > Done.  I usually get something wrong in the mechanics of doing security
> > uploads, but maybe I got it right for once.
> 
> Looks good so far!
> 
> > I don't have a pre-3.19 system around to test this on, but I at least
> > made sure that an ordinary buster system (with 4.19) is fine.
> 
> I was able to reproduce the issue in a buster LXC container running on
> a host with < 3.19 kernel (specifically reproduced with a jessie
> host). Will double check the fixed packages as well in that setup.

Your update was released with DSA 4539-2.

So I think #941810 can now be closed as there is no action needed to
be taken for the next buster point release.

Thanks for your work!

Regards,
Salvatore

