Bug#1099091: openssh-server: openssh packages 1:9.2p1-2+deb12u5 in bookworm-security depend on unavailable libssl version

Fri, 28 Feb 2025 02:02:03 -0800 

Package: openssh-server
Version: 1:9.2p1-2+deb12u5
Severity: important

Dear Maintainer,

The 1:9.2p1-2+deb12u5 version of openssh packages in bookworm-security and 
bookworm-proposed-updates are uninstallable on bookworm, since they strictly 
depend on a libssl version unavailable on bookworm. This poses a security 
problem, since one is either stuck with the older version in bookworm 
(containing bugs that were fixed in this release) or has to install/backport 
libssl from trixie/sid.
A plain simple recompile, without source changes, on a "clean" bookworm system 
that does not contain the trixie/sid version of openssl is sufficient to fix 
dependencies (I did this on my systems).


Thanks in advance, best regards
Giacomo Mulas


-- System Information:
Debian Release: 12.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (105, 
'proposed-updates'), (104, 'stable'), (101, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-31-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-server depends on:
ii  adduser                    3.134
ii  cdebconf [debconf-2.0]     0.270
ii  debconf [debconf-2.0]      1.5.82
ii  init-system-helpers        1.65.2
ii  libaudit1                  1:3.0.9-1
ii  libc6                      2.36-9+deb12u7
ii  libcom-err2                1.47.0-2
ii  libcrypt1                  1:4.4.33-2
ii  libgssapi-krb5-2           1.20.1-2+deb12u2
ii  libkrb5-3                  1.20.1-2+deb12u2
ii  libpam-modules             1.5.2-6+deb12u1
ii  libpam-runtime             1.5.2-6+deb12u1
ii  libpam0g                   1.5.2-6+deb12u1
ii  libselinux1                3.4-1+b6
ii  libssl3                    3.0.14-1~deb12u2
ii  libsystemd0                252.33-1~deb12u1
ii  libwrap0                   7.6.q-32
ii  lsb-base                   11.6
ii  openssh-client             1:9.2p1-2+deb12u5
ii  openssh-sftp-server        1:9.2p1-2+deb12u5
ii  procps                     2:4.0.2-3
ii  runit-helper               2.15.2
ii  sysvinit-utils [lsb-base]  3.06-4
ii  ucf                        3.0043+nmu1+deb12u1
ii  zlib1g                     1:1.2.13.dfsg-1

Versions of packages openssh-server recommends:
ii  libpam-systemd [logind]  252.33-1~deb12u1
ii  ncurses-term             6.4-4
ii  xauth                    1:1.1.2-1

Versions of packages openssh-server suggests:
ii  ksshaskpass [ssh-askpass]             4:5.27.5-2
ii  kwalletcli [ssh-askpass]              3.03-1
ii  molly-guard                           0.7.2
pn  monkeysphere                          <none>
ii  ssh-askpass                           1:1.2.4.1-16
ii  ssh-askpass-fullscreen [ssh-askpass]  1.3-1
ii  ssh-askpass-gnome [ssh-askpass]       1:9.2p1-2+deb12u5
pn  ufw                                   <none>

-- debconf information excluded

Reply via email to