CVE-2021-41617

ian-weisser · May 31, 2023, 12:08pm

https://ubuntu.com/security/CVE-2021-41617 is showing as “Needed” in several releases.

According to https://launchpad.net/ubuntu/jammy/+source/openssh/+changelog, 06 Nov 2021, this patch was backported to Debian in openssh 8.5, marked fixed by cjwatson, and merged to Ubuntu in openssh (1:8.7p1-1).

So Ubuntu shows it not-fixed, and Debian shows it fixed.

This discrepancy popped up as a question in AskUbuntu: https://askubuntu.com/questions/1470115

mdeslaur · May 31, 2023, 12:42pm

Thanks. Looks like nobody had updated the status on that CVE in a while. I’ve updated it now, jammy and kinetic are indeed not affected by the CVE.