Your message dated Thu, 08 May 2025 20:32:09 +0000
with message-id <E1uD7ub-004S3m-Sy@fasolo.debian.org>
and subject line Bug#1102603: fixed in openssh 1:9.2p1-2+deb12u6
has caused the Debian Bug report #1102603,
regarding openssh: CVE-2025-32728
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
1102603: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102603
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: openssh: CVE-2025-32728
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Thu, 10 Apr 2025 22:20:44 +0200
- Message-id: <174431644435.3465326.3124707217542544007.reportbug@eldamar.lan>
Source: openssh
Version: 1:7.4p1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for openssh.

CVE-2025-32728[0]:
| In sshd in OpenSSH before 10.0, the DisableForwarding directive does
| not adhere to the documentation stating that it disables X11 and
| agent forwarding.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-32728
    https://www.cve.org/CVERecord?id=CVE-2025-32728
[1] https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367
[2] https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
- To: 1102603-close@bugs.debian.org
- Subject: Bug#1102603: fixed in openssh 1:9.2p1-2+deb12u6
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 08 May 2025 20:32:09 +0000
- Message-id: <E1uD7ub-004S3m-Sy@fasolo.debian.org>
- Reply-to: Colin Watson <cjwatson@debian.org>
Source: openssh
Source-Version: 1:9.2p1-2+deb12u6
Done: Colin Watson <cjwatson@debian.org>

We believe that the bug you reported is fixed in the latest version of openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1102603@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 08 May 2025 11:54:24 +0100
Source: openssh
Architecture: source
Version: 1:9.2p1-2+deb12u6
Distribution: bookworm
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 1102603
Changes:
 openssh (1:9.2p1-2+deb12u6) bookworm; urgency=medium
 .
   * CVE-2025-32728: sshd(8): fix the DisableForwarding directive, which was
     failing to disable X11 forwarding and agent forwarding as documented
     (closes: #1102603).
--- End Message ---
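
A check for hosts still running a package older than the fixed version named in the thread: it reads effective sshd settings and flags configurations that rely on DisableForwarding while X11 or agent forwarding is still enabled by its own directive. This is an added example, not part of the bug report or of OpenSSH; the function names are made up here and the sample `sshd -T` output is constructed.

```shell
#!/bin/sh
# Added example: audit effective sshd settings for reliance on DisableForwarding.
# Input on stdin: output of `sshd -T`, which prints one lower-case
# "keyword value" pair per line. Settings inside Match blocks only show up
# when a connection spec is given, e.g. `sshd -T -C user=NAME`.
# Return status: 0 = no exposure found, 1 = DisableForwarding is relied on
# while X11 or agent forwarding is still enabled explicitly.

audit_disableforwarding() {
    awk '
        $1 == "disableforwarding"    { df  = $2 }
        $1 == "x11forwarding"        { x11 = $2 }
        $1 == "allowagentforwarding" { agt = $2 }
        END {
            if (df != "yes") { print "OK: DisableForwarding not in use"; exit 0 }
            bad = 0
            if (x11 == "yes") { print "RISK: x11forwarding is yes; set X11Forwarding no"; bad = 1 }
            if (agt == "yes") { print "RISK: allowagentforwarding is yes; set AllowAgentForwarding no"; bad = 1 }
            if (!bad) print "OK: X11 and agent forwarding are disabled explicitly"
            exit bad
        }
    '
}

# Constructed sample: relies on DisableForwarding alone.
sample_exposed() {
    printf '%s\n' 'port 22' 'disableforwarding yes' \
        'x11forwarding yes' 'allowagentforwarding yes'
}

# Constructed sample: the two directives are also switched off explicitly.
sample_hardened() {
    printf '%s\n' 'port 22' 'disableforwarding yes' \
        'x11forwarding no' 'allowagentforwarding no'
}

# Demonstration on the constructed samples (use `sshd -T | audit_disableforwarding`
# as root on a real host).
sample_exposed  | audit_disableforwarding || true
sample_hardened | audit_disableforwarding || true
```
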