Bug#1102603: marked as done (openssh: CVE-2025-32728)

To: Colin Watson <cjwatson@debian.org>
Subject: Bug#1102603: marked as done (openssh: CVE-2025-32728)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Thu, 08 May 2025 20:33:05 +0000
Message-id: <[🔎] handler.1102603.D1102603.1746736341311180.ackdone@bugs.debian.org>
Reply-to: 1102603@bugs.debian.org
References: <E1uD7ub-004S3m-Sy@fasolo.debian.org> <174431644435.3465326.3124707217542544007.reportbug@eldamar.lan>

Your message dated Thu, 08 May 2025 20:32:09 +0000
with message-id <E1uD7ub-004S3m-Sy@fasolo.debian.org>
and subject line Bug#1102603: fixed in openssh 1:9.2p1-2+deb12u6
has caused the Debian Bug report #1102603,
regarding openssh: CVE-2025-32728
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1102603: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102603
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: openssh: CVE-2025-32728
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 10 Apr 2025 22:20:44 +0200
Message-id: <174431644435.3465326.3124707217542544007.reportbug@eldamar.lan>

Source: openssh
Version: 1:7.4p1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for openssh.

CVE-2025-32728[0]:
| In sshd in OpenSSH before 10.0, the DisableForwarding directive does
| not adhere to the documentation stating that it disables X11 and
| agent forwarding.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-32728
    https://www.cve.org/CVERecord?id=CVE-2025-32728
[1] https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367
[2] https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

To: 1102603-close@bugs.debian.org
Subject: Bug#1102603: fixed in openssh 1:9.2p1-2+deb12u6
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Thu, 08 May 2025 20:32:09 +0000
Message-id: <E1uD7ub-004S3m-Sy@fasolo.debian.org>
Reply-to: Colin Watson <cjwatson@debian.org>

Source: openssh
Source-Version: 1:9.2p1-2+deb12u6
Done: Colin Watson <cjwatson@debian.org>

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1102603@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 08 May 2025 11:54:24 +0100
Source: openssh
Architecture: source
Version: 1:9.2p1-2+deb12u6
Distribution: bookworm
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 1102603
Changes:
 openssh (1:9.2p1-2+deb12u6) bookworm; urgency=medium
 .
   * CVE-2025-32728: sshd(8): fix the DisableForwarding directive, which was
     failing to disable X11 forwarding and agent forwarding as documented
     (closes: #1102603).
Checksums-Sha1:
 d5e693ca8c7114d412ac7e929651e7188482de18 3381 openssh_9.2p1-2+deb12u6.dsc
 7df7ea9aff5be3f19a8e30cf43fa38c7b37b88e7 196396 openssh_9.2p1-2+deb12u6.debian.tar.xz
Checksums-Sha256:
 0275cb81c40b90b8ac4e321f2bae896a0d5ac7665b36af6ba4182b2882625868 3381 openssh_9.2p1-2+deb12u6.dsc
 8877ff03e7ca5cb92c51876caab8817cb89576c5f1df9c3f32044f3ecddf770a 196396 openssh_9.2p1-2+deb12u6.debian.tar.xz
Files:
 f1cbf048d6e5f0d97e5485641885f555 3381 net standard openssh_9.2p1-2+deb12u6.dsc
 fdc2216c99d706eccefb3e18cc93b7a8 196396 net standard openssh_9.2p1-2+deb12u6.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmgcje8ACgkQOTWH2X2G
UAswrhAAgN6vVjPzEf2m5P1bW1L9Lc/pJkmKs3sRTnRg5IqPtFmGlpVdUgxIwH9T
xR4g+q+4yfyREe2SXZoVZH55T5DLOQ12CIu11hdnotZJlUZipP7/TsYbs37sFWKm
oJDJMm9E7eooX1ICCgorRTovadxWg63q40wdWwcRrzxoLzmbzUutii8StF94nHGA
4qz0K3chTdNZAd73gWZxA2wYMq9vzW8XjHKadvoFyI6H9+Wz89yo+nYWYs1zzkvi
Y+UlXQTg27CPzWoJOiw5692X1eWhsirp6xMhcyfgDN90RJ0Os1pDTGZHzyxJ0P1h
DlyZ6gcZmhxjOORyRQ1QY24XLaDLazkhD7VQCNlP5TLLXEadTebyV2WnfDy5N320
gp8TYASOxOikCgZxnJK8eg41gH5g4kTSE9HcEUjNL0bOZRQeFc4JqmTMopX4QuS4
kJL7GCqtySgO0XloJGceB3sHwRNtrQ8YFE4KywptU6ShyIf4dc/ugKSu/huBV9m7
FjeyDSM4OCHsW/eAKbL3hVc4+pJKSIGBTrnIgiUwHVZ9yrmHYyPslauNZAQRgmBA
06g8W/dMATHgiWjvd7763YIho5glSk2d0Twn9UKIx1KrpFlTGgOHj3hn9LW4S/Ke
r5kO30FtVpNntOhiMotBULBIo7u1oqi+rjYF/QmXJ8u1dFP7LQI=
=c5a+
-----END PGP SIGNATURE-----

Attachment: pgpDajO1T3Dyy.pgp
Description: PGP signature

--- End Message ---

Reply to:

Prev by Date: openssh_9.2p1-2+deb12u6_source.changes ACCEPTED into proposed-updates
Next by Date: Processed: Re: Bug#1103522: openssh-client: ssh-agent socket created in an unpredictable path
Previous by thread: openssh_9.2p1-2+deb12u6_source.changes ACCEPTED into proposed-updates
Next by thread: Processed: Bug#1103522 marked as pending in openssh
Index(es):
- Date
- Thread