Bug#941810: buster-pu: package openssh/1:7.9p1-10

[Colin Watson <cjwatson@debian.org>]

On Sun, Oct 06, 2019 at 04:22:23PM +0200, Salvatore Bonaccorso wrote:
> On Sat, Oct 05, 2019 at 10:39:29PM +0100, Colin Watson wrote:
> > https://bugs.debian.org/941663 reports an OpenSSH regression on old
> > kernels prompted by the interaction between an OpenSSL update and a
> > seccomp filter; https://bugs.debian.org/941665 and
> > https://github.com/openssh/openssh-portable/pull/149 have more details.
> > The patch is an easy one to cherry-pick, and I've attached the resulting
> > diff.  I'd like approval to upload it.
> > 
> > I'm not sure where's best to upload this to.  Although I've filed this
> > as a stable update request, there's an argument that perhaps it should
> > be issued through the same channels as the OpenSSL update
> > (stable-security and then copied to stable-proposed-updates, according
> > to https://tracker.debian.org/pkg/openssl), so I've CCed team@security.
> > Any advice?
> 
> Okay let's be on the safe side and update openssh for this functional
> regression via buster-security.
> 
> Can you adjust the changelog accordingly and upload to
> security-master? (Make sure to build with -sa, and to not include a
> _{arch}.buildinfo file in case you perform a source only upload).

Done.  I usually get something wrong in the mechanics of doing security
uploads, but maybe I got it right for once.

I don't have a pre-3.19 system around to test this on, but I at least
made sure that an ordinary buster system (with 4.19) is fine.

-- 
Colin Watson                                       [cjwatson@debian.org]