Bug 2224014

Summary: openssh-9.3p2 is available
Product: [Fedora] Fedora Reporter: Upstream Release Monitoring <upstream-release-monitoring>
Component: opensshAssignee: Dmitry Belyavskiy <dbelyavs>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: urgent    
Version: rawhideCC: crypto-team, dbelyavs, dwalsh, jjelen, js-fedora, lkundrak, mattias.ellert, tm
Target Milestone: ---Keywords: FutureFeature, Security, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-07-21 15:25:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Upstream Release Monitoring 2023-07-19 14:56:28 UTC 
Releases retrieved: 9.3p2
Upstream release that is considered latest: 9.3p2
Current version/release in rawhide: 9.3p1-3.fc39
URL: https://www.openssh.com

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_Monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from Anitya: https://release-monitoring.org/project/2565/


To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/openssh
Comment 1 Jonathan S. 2023-07-19 16:06:55 UTC 
Increasing this to urgent as this fixes a remote code execution vulnerability: https://www.openssh.com/txt/release-9.3p2

As this was apparently dropped together with a new release without any warning, the package should be updated ASAP.
Comment 2 Dmitry Belyavskiy 2023-07-21 15:25:52 UTC 
Thanks, done