ChangeLog [devuan/debian]
e.g.
$ apt changelog openssh-server
openssh (1:9.2p1-2+deb12u1) bookworm; urgency=medium

  * Cherry-pick from OpenSSH 9.3p2:
    - [CVE-2023-38408] Fix a condition where specific libraries loaded via
      ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code
      execution via a forwarded agent socket (closes: #1042460).

 -- Colin Watson <cjwatson@debian.org>  Sat, 23 Sep 2023 23:11:33 +0100

openssh (1:9.2p1-2) unstable; urgency=medium

  * Fix mistakenly-unreleased entry for 1:9.2p1-1 in debian/NEWS.

 -- Colin Watson <cjwatson@debian.org>  Wed, 08 Feb 2023 10:43:07 +0000

openssh (1:9.2p1-1) unstable; urgency=medium

  * Set "UsePAM yes" when running regression tests, to match our default
    sshd configuration.
  * Ignore Lintian error about depending on lsb-base for now, to avoid
    problems with partial upgrades on non-default init systems.
  * New upstream release (https://www.openssh.com/releasenotes.html#9.2p1):
    - [SECURITY] sshd(8): fix a pre-authentication double-free memory fault
      introduced in OpenSSH 9.1. This is not believed to be exploitable, and
      it occurs in the unprivileged pre-auth process that is subject to
      chroot(2) and is further sandboxed on most major platforms.
    - [SECURITY] ssh(8): in OpenSSH releases after 8.7, the PermitRemoteOpen
      option would ignore its first argument unless it was one of the
      special keywords "any" or "none", causing the permission list to fail
      open if only one permission was specified.
    - [SECURITY] ssh(1): if the CanonicalizeHostname and
      CanonicalizePermittedCNAMEs options were enabled, and the system/libc
      resolver did not check that names in DNS responses were valid, then
.....
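
Added example (not part of the original note and not code from apt or Debian): a small parser that reads changelog output like the above and lists, per package version, the CVE ids and the number of [SECURITY]-tagged entries. The function name security_entries and the embedded sample (abridged from the output above) are assumptions made for this illustration.

```python
import re
import sys

# Stanza header: "openssh (1:9.2p1-2+deb12u1) bookworm; urgency=medium"
HEADER = re.compile(r"^([a-z0-9][a-z0-9+.-]*) \(([^)]+)\) ([^;]+); urgency=(\w+)")
CVE = re.compile(r"CVE-\d{4}-\d{4,}")

# Sample input: abridged from the changelog output shown above.
SAMPLE = """\
openssh (1:9.2p1-2+deb12u1) bookworm; urgency=medium

  * Cherry-pick from OpenSSH 9.3p2:
    - [CVE-2023-38408] Fix a condition where specific libraries loaded via
      ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code

 -- Colin Watson <cjwatson@debian.org>  Sat, 23 Sep 2023 23:11:33 +0100

openssh (1:9.2p1-2) unstable; urgency=medium

  * Fix mistakenly-unreleased entry for 1:9.2p1-1 in debian/NEWS.

openssh (1:9.2p1-1) unstable; urgency=medium

  * New upstream release (https://www.openssh.com/releasenotes.html#9.2p1):
    - [SECURITY] sshd(8): fix a pre-authentication double-free memory fault
    - [SECURITY] ssh(8): in OpenSSH releases after 8.7, the PermitRemoteOpen
"""

def security_entries(text):
    """Return one dict per stanza that carries a CVE id or a [SECURITY] tag."""
    stanzas, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # a new version stanza starts here
            cur = {"version": m[2], "dist": m[3], "urgency": m[4],
                   "cves": [], "security_tags": 0}
            stanzas.append(cur)
        elif cur and not line.lstrip().startswith("-- "):  # skip maintainer trailer
            cur["cves"] += [c for c in CVE.findall(line) if c not in cur["cves"]]
            cur["security_tags"] += line.count("[SECURITY]")
    return [s for s in stanzas if s["cves"] or s["security_tags"]]

if __name__ == "__main__":
    # Reads piped changelog text from stdin; falls back to the embedded sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for s in security_entries(text):
        print(s["version"], s["dist"], ",".join(s["cves"]) or "-",
              f"[SECURITY] x{s['security_tags']}")
```

The header pattern only needs the stanza header to start in column 0, so it works on both the indented and the whitespace-collapsed form of the changelog.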