On Mon, Jan 13, 2020 at 03:30:28PM +0100, Salvatore Bonaccorso wrote: > On Sun, Jan 12, 2020 at 12:24:14AM +0000, Colin Watson wrote: > > https://bugs.debian.org/946242 reports an OpenSSH regression on old > > kernels on certain architectures (e.g. i386) prompted by the interaction > > between an OpenSSL update and a seccomp filter. It's essentially the > > same as https://bugs.debian.org/941663, but at the time we didn't notice > > that the exact set of syscalls involved varies between architectures due > > to details of how the shm* library functions are implemented in glibc. > > I've attached the diff and would like approval to upload it. > > > > In https://bugs.debian.org/941810 we decided that it was best to issue > > this via buster-security; I think that would be the correct thing to do > > here as well, so I've CCed team@security. However, I'm filing this as a > > stable update request just in case there's disagreement about that for > > some reason. > > I would actually say or propose to do it via the next point release. > Back when we decided there was the introduction just introduced due to > the openssl update. But now we have even a scheduled date for the next > point release, and the problem affects a very specific usecase on some > architectures. > > Please let know if you disagree on this approach!
I don't much mind either way and am happy enough to do it via a point release, so I'll await an SRM response here. Thanks, -- Colin Watson [cjwat...@debian.org]
