Got it. Thanks for the info!
Yes, we can make this bug public.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2129742

Title:
  CVE-2025-61984 could lead to code execution

Status in openssh package in Ubuntu:
  New

Bug description:
  ssh in OpenSSH before 10.1 allows control characters in usernames that
  originate from certain possibly untrusted sources, potentially leading
  to code execution when a ProxyCommand is used. The untrusted sources
  are the command line and %-sequence expansion of a configuration file.
  (A configuration file that provides a complete literal username is not
  categorized as an untrusted source.)

  https://ubuntu.com/security/CVE-2025-61984

  When would the fix be released for this CVE, as it is a code execution
  vulnerability?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2129742/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
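
An added example, not part of the original message or of OpenSSH: a local audit that flags ssh_config blocks pairing a ProxyCommand with a username the bug description treats as untrusted (no literal User, or a User built by %-sequence expansion), plus a control-character check for usernames that automation passes on the command line. The function names and the sample configuration are assumptions, and blocks are checked one at a time without merging options across matching Host blocks as ssh does.

```python
import re
import unicodedata

# keyword, then whitespace or '=', then the argument (ssh_config accepts both)
LINE = re.compile(r"^([^\s=]+)(?:\s*=\s*|\s+)(.*)$")

def has_control_chars(value):
    """True if value contains a Unicode control character (category Cc)."""
    return any(unicodedata.category(ch) == "Cc" for ch in value)

def audit_ssh_config(text):
    """Return (block, reason) for blocks pairing ProxyCommand with a non-literal User."""
    blocks = [("(global)", {})]
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or raw.lstrip().startswith("#"):
            continue
        key, arg = m.group(1).lower(), m.group(2).strip()
        if key in ("host", "match"):
            blocks.append((arg, {}))
        else:
            blocks[-1][1].setdefault(key, arg)  # first value in a block wins
    findings = []
    for name, opts in blocks:
        proxy = opts.get("proxycommand")
        if proxy is None or proxy.lower() == "none":
            continue  # no proxy command is run for this block
        user = opts.get("user")
        if user is None:
            findings.append((name, "no literal User; username may come from the command line"))
        elif "%" in user:
            findings.append((name, "User is built by %-sequence expansion"))
    return findings

# Constructed sample configuration (hosts, users and tokens are illustrative).
SAMPLE = """\
# constructed sample
Host bastion-literal
    User deploy
    ProxyCommand ssh -W %h:%p jump.example.org
Host templated
    User=%u-admin
    ProxyCommand ssh -W %h:%p jump.example.org
Host cli-user
    ProxyCommand /usr/local/bin/connect %r@%h
Host direct
    User %u
"""

if __name__ == "__main__":
    for name, reason in audit_ssh_config(SAMPLE):
        print(f"{name}: {reason}")
```
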