Your message dated Tue, 20 Jun 2023 00:27:28 +0000
with message-id <>
and subject line Bug#1034425: fixed in openssh 1:9.3p1-1
has caused the Debian Bug report #1034425,
regarding openssh: incorrection in changelog date
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact

Debian Bug Tracking System
Contact with problems
--- Begin Message ---
Source: openssh
Version: 1:9.1p1-2
Severity: minor

I have no idea what possessed you to fix the dates on those
20-year-old changelog entries, but since you care ... 1:3.0.2p1-2 is
still wrong.

The correct fix was not s/Sat/Sun/ but s/2003/2002/.

--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:9.3p1-1
Done: Colin Watson <>

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Colin Watson <> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing

Hash: SHA256

Format: 1.8
Date: Tue, 20 Jun 2023 01:01:48 +0100
Source: openssh
Architecture: source
Version: 1:9.3p1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <>
Changed-By: Colin Watson <>
Closes: 909022 959726 1001186 1033166 1033178 1034425
 openssh (1:9.3p1-1) unstable; urgency=medium
   * Debconf translations:
     - Romanian (thanks, Remus-Gabriel Chelu; closes: #1033178).
   * Properly fix date of 1:3.0.2p1-2 changelog entry (closes: #1034425).
   * New upstream release (
     - [CVE-2023-28531] ssh-add(1): when adding smartcard keys to
       ssh-agent(1) with the per-hop destination constraints (ssh-add -h ...)
       added in OpenSSH 8.9, a logic error prevented the constraints from
       being communicated to the agent. This resulted in the keys being added
       without constraints. The common cases of non-smartcard keys and keys
       without destination constraints are unaffected. This problem was
       reported by Luci Stanescu (closes: #1033166).
     - [SECURITY] ssh(1): Portable OpenSSH provides an implementation of the
       getrrsetbyname(3) function if the standard library does not provide
       it, for use by the VerifyHostKeyDNS feature. A specifically crafted
       DNS response could cause this function to perform an out-of-bounds
       read of adjacent stack data, but this condition does not appear to be
       exploitable beyond denial-of-service to the ssh(1) client.
     - ssh-keygen(1), ssh-keyscan(1): accept -Ohashalg=sha1|sha256 when
       outputting SSHFP fingerprints to allow algorithm selection.
     - sshd(8): add a `sshd -G` option that parses and prints the effective
       configuration without attempting to load private keys and perform
       other checks. This allows usage of the option before keys have been
       generated and for configuration evaluation and verification by
       unprivileged users.
     - scp(1), sftp(1): fix progressmeter corruption on wide displays.
     - ssh-add(1), ssh-keygen(1): use RSA/SHA256 when testing usability of
       private keys as some systems are starting to disable RSA/SHA1 in
     - sftp-server(8): fix a memory leak.
     - ssh(1), sshd(8), ssh-keyscan(1): remove vestigial protocol
       compatibility code and simplify what's left.
     - Fix a number of low-impact Coverity static analysis findings.
     - ssh_config(5), sshd_config(5): mention that some options are not
     - Rework logging for the regression tests. Regression tests will now
       capture separate logs for each ssh and sshd invocation in a test.
     - ssh(1): make `ssh -Q CASignatureAlgorithms` work as the manpage says
       it should.
     - ssh(1): ensure that there is a terminating newline when adding a new
       entry to known_hosts.
     - sshd(8): harden Linux seccomp sandbox. Move to an allowlist of
       mmap(2), madvise(2) and futex(2) flags, removing some concerning
       kernel attack surface.
   * debian/README.Debian: Clarify that you need to restart ssh.socket after
     overriding its ListenStream= option (LP: #2020560).
   * debian/openssh-server.postinst: Use "sshd -G" to parse the server
     configuration file (closes: #959726).
   * Fix incorrect RRSET_FORCE_EDNS0 flags validation in SSHFP DNSSEC patch
     (thanks, Ben Hutchings; closes: #909022).
   * Always use the internal mkdtemp implementation, since it substitutes
     more randomness into the template string than glibc's version (closes:
 ab3a7ebc6246958e15896b814213ca3e6a612f63 3312 openssh_9.3p1-1.dsc
 610959871bf8d6baafc3525811948f85b5dd84ab 1856839 openssh_9.3p1.orig.tar.gz
 31e40d5a0769d4febc8493f354b273eff0d9cab5 833 openssh_9.3p1.orig.tar.gz.asc
 b989715aa2088f32af0845b5fb6a116e80598028 183616 openssh_9.3p1-1.debian.tar.xz
 a16311299ca945c2818aa4a4f2847c70a68eb3a677cfef1efd2837c4ba05faff 3312 
 e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8 1856839 
 6d96d2ff60d8d3545f0fa1709cb4c273d9a2fe086afa90f70951cffc01c8fa68 833 
 523656c543f08138ad65665020b34ec157fefc0117bf8b81fbea57655b73e463 183616 
 6bda98b24abb25577ce0cdd42ac849da 3312 net standard openssh_9.3p1-1.dsc
 3430d5e6e71419e28f440a42563cb553 1856839 net standard openssh_9.3p1.orig.tar.gz
 8a1aef9314a4224cf3f2936430733796 833 net standard openssh_9.3p1.orig.tar.gz.asc
 9ce700b7d9908a542ffdb28dab37387a 183616 net standard 



--- End Message ---

Reply via email to