Your message dated Sat, 04 Jul 2026 17:00:06 +0000
with message-id <[email protected]>
and subject line Bug#1107214: fixed in sslh 2.3.1-1
has caused the Debian Bug report #1107214,
regarding sslh: CVE-2025-46806
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1107214: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107214
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: sslh
Version: 2.1.4-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for sslh.
CVE-2025-46806[0]:
| A Use of Out-of-range Pointer Offset vulnerability in sslh leads to
| denial of service on some architectures.This issue affects sslh
| before 2.2.4.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-46806
https://www.cve.org/CVERecord?id=CVE-2025-46806
[1]
https://github.com/yrutschle/sslh/commit/204305a88fb32cffaf1349253a2b052186ca8d39
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: sslh
Source-Version: 2.3.1-1
Done: Don Armstrong <[email protected]>
We believe that the bug you reported is fixed in the latest version of
sslh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Don Armstrong <[email protected]> (supplier of updated sslh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 03 Jul 2026 12:19:39 -0700
Source: sslh
Architecture: source
Version: 2.3.1-1
Distribution: unstable
Urgency: medium
Maintainer: Don Armstrong <[email protected]>
Changed-By: Don Armstrong <[email protected]>
Closes: 1032502 1107213 1107214 1108284 1136940
Changes:
sslh (2.3.1-1) unstable; urgency=medium
.
* New upstream release. (Closes: #1136940)
- Fixes CVE-2025-46806 (Closes: #1107214)
- Fixes CVE-2025-46807 (Closes: #1107213)
- Fixes CVE-2025-52936 (Closes: #1108284)
* Revamp avoidance of libconf-libconfig-perl to have a libconfig
rec-descent parser and also pick an unused port.
* Fix unsatisfiable cross Build-Depends, thanks to Helmut Grohne
(Closes: #1032502).
Checksums-Sha1:
d7da8f9c414db0d071052c5c1758afeadc598681 2189 sslh_2.3.1-1.dsc
02432ba44622b04dc5986447db8e083e15292133 535781 sslh_2.3.1.orig.tar.gz
49ec6172ca82b742e89491969fc8e1c5ea46520c 20988 sslh_2.3.1-1.debian.tar.xz
23fed6323a086e362094a665af10d9e882dd8a38 9051 sslh_2.3.1-1_amd64.buildinfo
Checksums-Sha256:
eb78a6571334d80648d887e0fa813415574b006b1d3e0d1a627d1e1e5ab76378 2189
sslh_2.3.1-1.dsc
416b401cf8f0a43b575f7a1571bafd5375401d741833b27918aaecb200445f92 535781
sslh_2.3.1.orig.tar.gz
eb20035311ae8be56f8acfbfad80106c8929588d7651c4642561e1a954e0dcbe 20988
sslh_2.3.1-1.debian.tar.xz
ad7a938838e7e115c61344aae4212f9fde668a192aab05f7d800b40807049b2a 9051
sslh_2.3.1-1_amd64.buildinfo
Files:
ad3a29f9efc4327e1b1325eb6bd1088e 2189 net optional sslh_2.3.1-1.dsc
9fd6fe18e57e5f6dd12b42e28475b6db 535781 net optional sslh_2.3.1.orig.tar.gz
b4ea298c6ece6c18fb0d009eebd9e36b 20988 net optional sslh_2.3.1-1.debian.tar.xz
738d1f52d3f93df11c0047461a366bcf 9051 net optional sslh_2.3.1-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE5LM+VK44JFjLfWEcOHr4psy3gqMFAmpIkecACgkQOHr4psy3
gqOFdQ//RPzffh4PWTblMB+JdGGPXh6QE7wEHyj9FZdEW7wEtakdCcByDz4Oq26V
a8TVh+iSGHhFgYOOM5oy6CtuAAP9K8m5X9R54PIGg4jL4gebKHrGLPKI6YwKcZ5W
YAXTg1M4T7aAg91rbuhlP1Jgbz+ZmTmJKWvp4hn9T+ZS4XEJ6TOS7ASw7IjNapNV
VDvBnWLrDAhZ3ruEwGEFNO8MC0l/fCMht5iKTjnAt7oHPve/90Yd0EFioexJj9Ba
CTMBouyDaO3e8pEacIgwmRgYDMhwLQ3x0VeyTMS49JXkII9Og5wxUQ7RyHDEQQJ9
QrktQ8uoZiTj6/FuegcE5TwFIngrIQWeaPvT7hxFkIYW18Rr9OUj4lzL3YgMzVR6
AZsogro+XuEzw6/hifZRkXnLnXXM/d/R5rA4cjFjTF5ncfmWB1S3f+Y4F2V8n+/y
mduv8ERLCBpxiJBg9zJ4bXhNzYyxuZeBsKbgNEqPUDyNexZCrOlc3wsrvKHz5tLj
C0jCSDD45j43vvLnPs0pzemRkONPwyEY6TAE1YNTV1of1fnwG/6OSuWvkzpYIic6
mSWx7h5J52i+aeHbd1xvEg1OknvSpnn/Xhf8Pz7kUCcvEHMqvqinXujgTQUUSFGq
jvuQiilepp7ln3PKqm4UC9fQXVHn2loqgROPIrLfeU5kDWKsABc=
=o1PA
-----END PGP SIGNATURE-----
pgpSiFyOvsxS8.pgp
Description: PGP signature
--- End Message ---