CVE-2008-3234

Name	CVE-2008-3234
Description	sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
openssh (PTS)	bullseye (security), bullseye	1:8.4p1-5+deb11u3	vulnerable
	bookworm, bookworm (security)	1:9.2p1-2+deb12u3	vulnerable
	sid, trixie	1:9.9p1-3	vulnerable

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
openssh	source	(unstable)	(unfixed)	unimportant

this is by design