
Bug#948695: buster-pu: package openssh/1:7.9p1-10+deb10u2



On Mon, Jan 13, 2020 at 03:30:28PM +0100, Salvatore Bonaccorso wrote:
> On Sun, Jan 12, 2020 at 12:24:14AM +0000, Colin Watson wrote:
> > https://bugs.debian.org/946242 reports an OpenSSH regression on old
> > kernels on certain architectures (e.g. i386) prompted by the interaction
> > between an OpenSSL update and a seccomp filter.  It's essentially the
> > same as https://bugs.debian.org/941663, but at the time we didn't notice
> > that the exact set of syscalls involved varies between architectures due
> > to details of how the shm* library functions are implemented in glibc.
> > I've attached the diff and would like approval to upload it.
> > 
> > In https://bugs.debian.org/941810 we decided that it was best to issue
> > this via buster-security; I think that would be the correct thing to do
> > here as well, so I've CCed team@security.  However, I'm filing this as a
> > stable update request just in case there's disagreement about that for
> > some reason.
> 
> I would actually say or propose to do it via the next point release.
> Back when we decided there was the introduction just introduced due to
> the openssl update. But now we have even a scheduled date for the next
> point release, and the problem affects a very specific use case on some
> architectures.
> 
> Please let me know if you disagree on this approach!

I don't much mind either way and am happy enough to do it via a point
release, so I'll await an SRM response here.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

