| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|
| CVE-2023-48795 | vulnerable | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | The SSH transport protocol with certain OpenSSH extensions, found in O ... |
| CVE-2022-27191 | vulnerable | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | fixed | The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1 ... |
| CVE-2021-43565 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | fixed | The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of g ... |
| CVE-2020-29652 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | A nil pointer dereference in the golang.org/x/crypto/ssh component thr ... |
| CVE-2020-9283 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ... |
| CVE-2017-3204 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | The Go SSH library (x/crypto/ssh) by default does not verify host keys ... |