Package "openssh-server"

  openssh (1:9.6p1-3ubuntu13.9) noble; urgency=medium

  [ Lukas Märdian ]
  * d/p/gssapi.patch: Fix interaction between gssapi-keyex and pubkey auth
    (LP: #2028282)
    Don't prefer host-bound public key signatures if there was no initial
    host key, as is the case when using GSS-API key exchange.
    Thanks to Colin Watson for providing patches via Debian Salsa (7d291bb)
    + d/t/ssh-gssapi: Fix typo in autopkgtest
    + d/t/ssh-gssapi: Test interaction between gssapi-keyex and pubkey auth.

  [ Nick Rosbrook ]
  * sshd-socket-generator: do not parse server match config
    (LP: #2076023)

 -- Nick Rosbrook <email address hidden> Mon, 24 Feb 2025 16:25:09 -0500

  openssh (1:9.6p1-3ubuntu13.8) noble-security; urgency=medium

  * SECURITY UPDATE: MitM with VerifyHostKeyDNS option
    - debian/patches/CVE-2025-26465.patch: fix error code handling in
      krl.c, ssh-agent.c, ssh-sk-client.c, sshconnect2.c, sshsig.c.
    - CVE-2025-26465
  * SECURITY UPDATE: pre-authentication denial of service
    - debian/patches/CVE-2025-26466.patch: don't reply to PING in preauth
      or in KEX in packet.c.
    - CVE-2025-26466
  * NOTE: this package does _not_ contain the changes from
    (1:9.6p1-3ubuntu13.7) in noble-proposed.

 -- Marc Deslauriers <email address hidden> Tue, 11 Feb 2025 08:41:04 -0500

  openssh (1:9.6p1-3ubuntu13.7) noble; urgency=medium

  * d/t/sshd-socket-generator: run test_match_on_port test
    The test case was added to verify the fix for LP: 2076023,
    but it is not actually executed at the moment. Now that
    it does run, fix the grep commands used.

  openssh (1:9.6p1-3ubuntu13.5) noble-proposed; urgency=medium

  * SRU: LP: #2076340: No-change rebuild to pick up changed build flags
    on ppc64 and s390x.

 -- Matthias Klose <email address hidden> Fri, 09 Aug 2024 04:33:22 +0200