Control: tags -1 + moreinfo
Hi,
On Fri, Feb 28, 2025 at 10:09:51AM +0100, Giacomo Mulas wrote:
> Package: openssh-server
> Version: 1:9.2p1-2+deb12u5
> Severity: important
>
> The 1:9.2p1-2+deb12u5 version of openssh packages in bookworm-security and
> bookworm-proposed-updates are uninstallable on bookworm, since they strictly
> depend on a libssl version unavailable on bookworm. This poses a security
> problem, since one is either stuck with the older version in bookworm
> (containing bugs that were fixed in this release) or has to install/backport
> libssl from trixie/sid.
This is the Depends from openssh-server in
bookworm-proposed-updates:
Package: openssh-server
Source: openssh
Version: 1:9.2p1-2+deb12u5
...
Depends: ..., libssl3 (>= 3.0.15), ...
However this is fine, as bookworm already has libssl3
3.0.15-1~deb12u1. Note that it's really in bookworm, not in
bookworm-security.
> Versions of packages openssh-server depends on:
[..]
> ii libssl3 3.0.14-1~deb12u2
Your system seems to be missing out on packages that are _in_
bookworm ("stable").
Hope this helps,
Chris
