From 186726132aef8581eb6b11139a7e30d9b0e29dd8 Mon Sep 17 00:00:00 2001
From: Zhixiong Chi <zhixiong.chi@windriver.com>
Date: Sun, 24 Dec 2023 22:09:25 -0800
Subject: [PATCH] openssh: Upgrade to 8.4p1-5+deb11u3

Upgrade the three subpackages openssh-client openssh-server
openssh-sftp-server to 8.4p1-5+deb11u3 to fix CVE issues
CVE-2023-51384/CVE-2023-28531/CVE-2023-48795/CVE-2023-51385/CVE-2021-41617

Refer to:
https://www.debian.org/security/2023/dsa-5586
https://www.tenable.com/plugins/nessus/187289
https://www.tenable.com/plugins/nessus/187213
https://nvd.nist.gov/vuln/detail/CVE-2023-51384
https://nvd.nist.gov/vuln/detail/CVE-2023-28531
https://nvd.nist.gov/vuln/detail/CVE-2023-48795
https://nvd.nist.gov/vuln/detail/CVE-2023-51385
https://nvd.nist.gov/vuln/detail/CVE-2021-41617

TestPlan:
PASS: downloader; build-pkgs; build-image
PASS: Jenkins Installation

Closes-Bug: 2047315

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Change-Id: I1c5ca1ef41a29a23b9acea3a849c390e252bcdac
---
 debian-mirror-tools/config/debian/common/base-bullseye.lst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/debian-mirror-tools/config/debian/common/base-bullseye.lst b/debian-mirror-tools/config/debian/common/base-bullseye.lst
index 373e35c9..54c83293 100644
--- a/debian-mirror-tools/config/debian/common/base-bullseye.lst
+++ b/debian-mirror-tools/config/debian/common/base-bullseye.lst
@@ -810,9 +810,9 @@ ntp  1:4.2.8p15+dfsg-1
 ntpdate  1:4.2.8p15+dfsg-1
 nvme-cli  1.12-5
 open-iscsi  2.1.3-5
-openssh-client  1:8.4p1-5+deb11u2 https://snapshot.debian.org/archive/debian/20230925T090110Z/pool/main/o/openssh/openssh-client_8.4p1-5%2Bdeb11u2_amd64.deb
-openssh-server 1:8.4p1-5+deb11u2 https://snapshot.debian.org/archive/debian/20230925T090110Z/pool/main/o/openssh/openssh-server_8.4p1-5%2Bdeb11u2_amd64.deb
-openssh-sftp-server 1:8.4p1-5+deb11u2 https://snapshot.debian.org/archive/debian/20230925T090110Z/pool/main/o/openssh/openssh-sftp-server_8.4p1-5%2Bdeb11u2_amd64.deb
+openssh-client  1:8.4p1-5+deb11u3 https://snapshot.debian.org/archive/debian/20231224T085540Z/pool/main/o/openssh/openssh-client_8.4p1-5%2Bdeb11u3_amd64.deb
+openssh-server 1:8.4p1-5+deb11u3 https://snapshot.debian.org/archive/debian/20231224T085540Z/pool/main/o/openssh/openssh-server_8.4p1-5%2Bdeb11u3_amd64.deb
+openssh-sftp-server 1:8.4p1-5+deb11u3 https://snapshot.debian.org/archive/debian/20231224T085540Z/pool/main/o/openssh/openssh-sftp-server_8.4p1-5%2Bdeb11u3_amd64.deb
 openssl  1.1.1n-0+deb11u5 https://snapshot.debian.org/archive/debian/20230611T210420Z/pool/main/o/openssl/openssl_1.1.1n-0%2Bdeb11u5_amd64.deb
 original-awk  2018-08-27-1
 ovmf  2020.11-2+deb11u1