Change logs for openssh source package in Bullseye

  • openssh (1:8.4p1-5+deb11u3) bullseye-security; urgency=medium
    
      * Cherry-pick from upstream:
        - [CVE-2021-41617]: sshd(8) from OpenSSH 6.2 through 8.7 failed to
          correctly initialise supplemental groups when executing an
          AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a
          AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive
          has been set to run the command as a different user. Instead these
          commands would inherit the groups that sshd(8) was started with
          (closes: #995130).
        - [CVE-2023-48795] ssh(1), sshd(8): implement protocol extensions to
          thwart the so-called "Terrapin attack" discovered by Fabian Bäumer,
          Marcus Brinkmann and Jörg Schwenk. This attack allows a MITM to effect
          a limited break of the integrity of the early encrypted SSH transport
          protocol by sending extra messages prior to the commencement of
          encryption, and deleting an equal number of consecutive messages
          immediately after encryption starts. A peer SSH client/server would
          not be able to detect that messages were deleted.
        - [CVE-2023-51385] ssh(1): if an invalid user or hostname that contained
          shell metacharacters was passed to ssh(1), and a ProxyCommand,
          LocalCommand directive or "match exec" predicate referenced the user
          or hostname via %u, %h or similar expansion token, then an attacker
          who could supply arbitrary user/hostnames to ssh(1) could potentially
          perform command injection depending on what quoting was present in the
          user-supplied ssh_config(5) directive. ssh(1) now bans most shell
          metacharacters from user and hostnames supplied via the command-line.
    
     -- Colin Watson <email address hidden>  Thu, 21 Dec 2023 16:09:44 +0000
  • openssh (1:8.4p1-5+deb11u2) bullseye; urgency=medium
    
      * Cherry-pick from OpenSSH 9.3p2:
        - [CVE-2023-38408] Fix a condition where specific libraries loaded via
          ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code
          execution via a forwarded agent socket (closes: #1042460).
    
     -- Colin Watson <email address hidden>  Sat, 23 Sep 2023 23:13:51 +0100
  • openssh (1:8.4p1-5+deb11u1) bullseye; urgency=medium
    
      * Backport from upstream:
        - Add new pselect6_time64 syscall on 32-bit architectures (closes:
          #1004427).
    
     -- Colin Watson <email address hidden>  Fri, 01 Jul 2022 23:37:41 +0100
  • openssh (1:8.4p1-5) unstable; urgency=high
    
      * CVE-2021-28041: Fix double free in ssh-agent(1) (closes: #984940).
    
     -- Colin Watson <email address hidden>  Sat, 13 Mar 2021 09:59:40 +0000
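
The CVE-2023-51385 entry above depends on a ProxyCommand, LocalCommand or "match exec" directive expanding a user or host token into a shell command. The following is an added example, not part of the changelog or of OpenSSH: a small audit that lists such directives in an ssh_config file for quoting review. The function names, the sample configuration, the inclusion of %n and %r, and the metacharacter set are assumptions made for this illustration.

```python
import re

# Directives the changelog entry names as passing expanded tokens to a command.
COMMAND_DIRECTIVES = {"proxycommand", "localcommand"}
# %h and %u are named in the entry; %n and %r are the other host/user tokens
# in ssh_config(5), included here as an assumption about "similar" tokens.
RISKY_TOKENS = "hnru"
# Assumed metacharacter set for this example, not OpenSSH's own list.
SHELL_META = set("'\"`$\\;&|<>(){}")

# Constructed sample configuration, not taken from any real system.
SAMPLE_CONFIG = """\
# jump hosts
Host jump-*
    ProxyCommand nc -X connect -x proxy.example:3128 %h %p
Host literal
    ProxyCommand echo 100%%h
Match exec "/usr/local/bin/check-net %n"
    LocalCommand logger "connected as %r"
Host plain
    ProxyCommand /usr/bin/connect-helper
"""


def audit_ssh_config(text):
    """Return (line_no, directive, tokens) for commands that expand host/user tokens."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        m = re.match(r"\s*(\w+)[\s=]+(.*)", raw)
        if not m:
            continue  # blank line or comment
        keyword, value = m.group(1).lower(), m.group(2)
        if keyword == "match":
            ex = re.search(r'\bexec\s+("[^"]*"|\S+)', value, re.I)
            if not ex:
                continue
            keyword, value = "match exec", ex.group(1)
        elif keyword not in COMMAND_DIRECTIVES:
            continue
        # findall consumes "%%" as one literal percent, so "%%h" is not a token.
        tokens = sorted({c for c in re.findall(r"%(.)", value) if c in RISKY_TOKENS})
        if tokens:
            findings.append((line_no, keyword, tokens))
    return findings


def has_shell_metachar(name):
    """True if a user or host name contains a character the shell would interpret."""
    return any(c in SHELL_META or c.isspace() for c in name)
```

A finding marks a directive whose quoting of the token should be reviewed; it is not by itself evidence of a flaw.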