0008826: Openssh 9.7p1-7 》9.8p1 Upgrade Request

ID	Project	Category	View Status	Date Submitted	Last Update

0008826	Kali Linux	Tool Upgrade Request	public	2024-07-17 18:03	2024-07-18 07:49

Reporter	adsmr5	Assigned To	daniruiz
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	closed	Resolution	not fixable

Summary	0008826: Openssh 9.7p1-7 》9.8p1 Upgrade Request
Description	There is a high severity vulnerability in Openssh 9.7p1-1, CVE-2024-39894. https://nvd.nist.gov/vuln/detail/CVE-2024-39894. According to Debian, 9.7p1-7 is a version affected by this vulnerability. https://security-tracker.debian.org/tracker/CVE-2024-39894 Can the 9.8p1 package be made available for Kali please? According to OpenSSH themselves, that is a fixed version. Case 0008810 is for a different CVE.

Date Modified	Username	Field	Change
2024-07-17 18:03	adsmr5	New Issue
2024-07-18 07:49	daniruiz	Note Added: 0019557
2024-07-18 07:49	daniruiz	Assigned To	=> daniruiz
2024-07-18 07:49	daniruiz	Status	new => closed
2024-07-18 07:49	daniruiz	Resolution	open => not fixable

daniruiz 2024-07-18 07:49 manager ~0019557	We provide this package unmodified from Debian. So you should verify that you can reproduce those issues in Debian and then report them to Debian (or to the upstream project directly). See https://www.kali.org/docs/community/submitting-issues-kali-bug-tracker/ We don't have the manpower to investigate those issues ourselves.