{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "openssh-client", "openssh-server", "openssh-sftp-server" ] } }, "diff": { "deb": [ { "name": "openssh-client", "from_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.11", "version": "1:8.9p1-3ubuntu0.11" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.13", "version": "1:8.9p1-3ubuntu0.13" }, "cves": [ { "cve": "CVE-2025-32728", "url": "https://ubuntu.com/security/CVE-2025-32728", "cve_description": "In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.", "cve_priority": "medium", "cve_public_date": "2025-04-10 02:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2028282 ], "changes": [ { "cves": [ { "cve": "CVE-2025-32728", "url": "https://ubuntu.com/security/CVE-2025-32728", "cve_description": "In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.", "cve_priority": "medium", "cve_public_date": "2025-04-10 02:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: incorrect DisableForwarding directive behaviour", " - debian/patches/CVE-2025-32728.patch: fix logic error in session.c.", " - CVE-2025-32728", "" ], "package": "openssh", "version": "1:8.9p1-3ubuntu0.13", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 11 Apr 2025 08:05:47 -0400" }, { "cves": [], "log": [ "", " * d/p/gssapi.patch: Fix interaction between gssapi-keyex and pubkey auth", " (LP: #2028282)", " Don't prefer host-bound public key signatures if there was no initial", " host key, as is the case when using GSS-API key exchange.", " Thanks to Colin Watson for providing patches via Debian Salsa (7d291bb)", " + d/t/ssh-gssapi: Fix typo in autopkgtest", " + d/t/ssh-gssapi: Test interaction between gssapi-keyex and pubkey auth.", "" ], "package": "openssh", "version": "1:8.9p1-3ubuntu0.12", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2028282 ], "author": "Lukas Märdian ", "date": "Mon, 10 Mar 2025 16:56:45 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "openssh-server", "from_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.11", "version": "1:8.9p1-3ubuntu0.11" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.13", "version": "1:8.9p1-3ubuntu0.13" }, "cves": [ { "cve": "CVE-2025-32728", "url": "https://ubuntu.com/security/CVE-2025-32728", "cve_description": "In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.", "cve_priority": "medium", "cve_public_date": "2025-04-10 02:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2028282 ], "changes": [ { "cves": [ { "cve": "CVE-2025-32728", "url": "https://ubuntu.com/security/CVE-2025-32728", "cve_description": "In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.", "cve_priority": "medium", "cve_public_date": "2025-04-10 02:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: incorrect DisableForwarding directive behaviour", " - debian/patches/CVE-2025-32728.patch: fix logic error in session.c.", " - CVE-2025-32728", "" ], "package": "openssh", "version": "1:8.9p1-3ubuntu0.13", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 11 Apr 2025 08:05:47 -0400" }, { "cves": [], "log": [ "", " * d/p/gssapi.patch: Fix interaction between gssapi-keyex and pubkey auth", " (LP: #2028282)", " Don't prefer host-bound public key signatures if there was no initial", " host key, as is the case when using GSS-API key exchange.", " Thanks to Colin Watson for providing patches via Debian Salsa (7d291bb)", " + d/t/ssh-gssapi: Fix typo in autopkgtest", " + d/t/ssh-gssapi: Test interaction between gssapi-keyex and pubkey auth.", "" ], "package": "openssh", "version": "1:8.9p1-3ubuntu0.12", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2028282 ], "author": "Lukas Märdian ", "date": "Mon, 10 Mar 2025 16:56:45 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "openssh-sftp-server", "from_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.11", "version": "1:8.9p1-3ubuntu0.11" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.13", "version": "1:8.9p1-3ubuntu0.13" }, "cves": [ { "cve": "CVE-2025-32728", "url": "https://ubuntu.com/security/CVE-2025-32728", "cve_description": "In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.", "cve_priority": "medium", "cve_public_date": "2025-04-10 02:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2028282 ], "changes": [ { "cves": [ { "cve": "CVE-2025-32728", "url": "https://ubuntu.com/security/CVE-2025-32728", "cve_description": "In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.", "cve_priority": "medium", "cve_public_date": "2025-04-10 02:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: incorrect DisableForwarding directive behaviour", " - debian/patches/CVE-2025-32728.patch: fix logic error in session.c.", " - CVE-2025-32728", "" ], "package": "openssh", "version": "1:8.9p1-3ubuntu0.13", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 11 Apr 2025 08:05:47 -0400" }, { "cves": [], "log": [ "", " * d/p/gssapi.patch: Fix interaction between gssapi-keyex and pubkey auth", " (LP: #2028282)", " Don't prefer host-bound public key signatures if there was no initial", " host key, as is the case when using GSS-API key exchange.", " Thanks to Colin Watson for providing patches via Debian Salsa (7d291bb)", " + d/t/ssh-gssapi: Fix typo in autopkgtest", " + d/t/ssh-gssapi: Test interaction between gssapi-keyex and pubkey auth.", "" ], "package": "openssh", "version": "1:8.9p1-3ubuntu0.12", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2028282 ], "author": "Lukas Märdian ", "date": "Mon, 10 Mar 2025 16:56:45 +0100" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from daily image serial 20250423 to 20250424", "from_series": "jammy", "to_series": "jammy", "from_serial": "20250423", "to_serial": "20250424", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }