Comment 2 for bug 2047315

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/904420
Committed: https://opendev.org/starlingx/tools/commit/186726132aef8581eb6b11139a7e30d9b0e29dd8
Submitter: "Zuul (22348)"
Branch: master

commit 186726132aef8581eb6b11139a7e30d9b0e29dd8
Author: Zhixiong Chi <email address hidden>
Date: Sun Dec 24 22:09:25 2023 -0800

    openssh: Upgrade to 8.4p1-5+deb11u3

    Upgrade the three subpackages openssh-client openssh-server
    openssh-sftp-server to 8.4p1-5+deb11u3 to fix CVE issues
    CVE-2023-51384/CVE-2023-28531/CVE-2023-48795/CVE-2023-51385/CVE-2021-41617

    Refer to:
    https://www.debian.org/security/2023/dsa-5586
    https://www.tenable.com/plugins/nessus/187289
    https://www.tenable.com/plugins/nessus/187213
    https://nvd.nist.gov/vuln/detail/CVE-2023-51384
    https://nvd.nist.gov/vuln/detail/CVE-2023-28531
    https://nvd.nist.gov/vuln/detail/CVE-2023-48795
    https://nvd.nist.gov/vuln/detail/CVE-2023-51385
    https://nvd.nist.gov/vuln/detail/CVE-2021-41617

    TestPlan:
    PASS: downloader; build-pkgs; build-image
    PASS: Jenkins Installation

    Closes-Bug: 2047315

    Signed-off-by: Zhixiong Chi <email address hidden>
    Change-Id: I1c5ca1ef41a29a23b9acea3a849c390e252bcdac