Source: openssh Severity: important Tags: security X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for openssh. CVE-2021-28041[0]: | ssh-agent in OpenSSH before 8.5 has a double free that may be relevant | in a few less-common scenarios, such as unconstrained agent-socket | access on a legacy operating system, or the forwarding of an agent to | an attacker-controlled host. Buster is not affected. Isolated patch at: https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db Cheers, Moritz