[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1099091: openssh-server: openssh packages 1:9.2p1-2+deb12u5 in bookworm-security depend on unavailable libssl version

Control: tags -1 + moreinfo

Hi,

On Fri, Feb 28, 2025 at 10:09:51AM +0100, Giacomo Mulas wrote:
> Package: openssh-server
> Version: 1:9.2p1-2+deb12u5
> Severity: important
> 
> The 1:9.2p1-2+deb12u5 version of openssh packages in bookworm-security and bookworm-proposed-updates are uninstallable on bookworm, since they strictly depend on a libssl version unavailable on bookworm. This poses a security problem, since one is either stuck with the older version in bookworm (containing bugs that were fixed in this release) or has to install/backport libssl from trixie/sid.

This is the Depends from openssh-server in 
bookworm-proposed-updates:

   Package: openssh-server
   Source: openssh
   Version: 1:9.2p1-2+deb12u5
   ...
   Depends: ..., libssl3 (>= 3.0.15), ...

However this is fine, as bookworm already has libssl3 
3.0.15-1~deb12u1. Note that it's really in bookworm, not in 
bookworm-security.

> Versions of packages openssh-server depends on:
[..]
> ii  libssl3                    3.0.14-1~deb12u2

Your system seems to be missing out on packages that are _in_ 
bookworm ("stable").


Hope this helps,
Chris
Reply to: