fix: add additional openssh CPE ID #3291

Merged
merged 1 commit into from
Sep 11, 2023

ffontaine
Contributor

CVE-2023-25136 is registered under openssh:openssh CPE ID

Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>

codecov-commenter commented Aug 30, 2023

Codecov Report

Merging #3291 (d93e5f4) into main (122f306) will increase coverage by 0.29%.
Report is 1 commits behind head on main.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main    #3291      +/-   ##
==========================================
+ Coverage   80.62%   80.92%   +0.29%     
==========================================
  Files         724      724              
  Lines       11375    11400      +25     
  Branches     1551     1559       +8     
==========================================
+ Hits         9171     9225      +54     
+ Misses       1778     1750      -28     
+ Partials      426      425       -1     
| Flag | Coverage Δ |
|---|---|
| longtests | 80.40% <100.00%> (+4.75%) ⬆️ |
| win-longtests | 78.72% <100.00%> (+0.14%) ⬆️ |

| Files Changed | Coverage Δ |
|---|---|
| cve_bin_tool/checkers/openssh.py | 100.00% <100.00%> (ø) |

... and 10 files with indirect coverage changes

Contributor

@terriko terriko left a comment

The new cpeid makes sense, but every time we get a switch like this I wonder if it's a permanent change or a one-off because someone filed incorrectly. Only time will tell, I guess?

Thanks for spotting it. I wonder if we need some automated stuff that warns us of potential changes like this for the binary checkers? The non-binary ones kind of glom everything with the same name but that has other problems...

@terriko terriko merged commit a9d22bf into intel:main Sep 11, 2023
21 checks passed
@ffontaine ffontaine deleted the fix-openssh-checker branch September 11, 2023 19:34
@ffontaine
Contributor Author

I don't really understand why NVD has so many different CPE IDs for the same product. They don't even seem to check if there is one in the database before accepting a new one ... Perhaps something could be added to detect a new CPE ID for a given product or to detect deprecation of CPE IDs.
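
One way the check suggested in this thread could look, as an added example that is not part of the pull request or of cve-bin-tool's code: it flags CVE records whose CPE uses a product name a checker already tracks but a vendor the checker does not list. The function names, the prior `openbsd:openssh` entry in the checker list, and every sample record other than CVE-2023-25136 with `openssh:openssh` are assumptions or constructed values.

```python
import re
from collections import defaultdict

# CPE 2.3 formatted strings escape a literal colon as "\:", so split only on bare colons.
_FIELD_SEP = re.compile(r"(?<!\\):")


def vendor_product(cpe):
    """Return (vendor, product) from a CPE 2.3 formatted string, or None if unusable."""
    parts = _FIELD_SEP.split(cpe.strip().lower())
    if len(parts) != 13 or parts[:2] != ["cpe", "2.3"]:
        return None
    vendor, product = parts[3], parts[4]
    if vendor in ("*", "-") or product in ("*", "-"):
        return None  # wildcard or N/A names cannot identify a checker pair
    return vendor, product


def unknown_pairs(known_pairs, cve_cpes):
    """Map each unlisted (vendor, product) pair whose product name the checker
    already tracks to the sorted CVE ids that reference it."""
    known = {(v.lower(), p.lower()) for v, p in known_pairs}
    tracked_products = {p for _, p in known}
    hits = defaultdict(set)
    for cve_id, cpes in cve_cpes.items():
        for cpe in cpes:
            pair = vendor_product(cpe)
            if pair and pair[1] in tracked_products and pair not in known:
                hits[pair].add(cve_id)
    return {pair: sorted(ids) for pair, ids in hits.items()}


# Assumed checker list before this change (not shown on the page).
KNOWN_PAIRS = [("openbsd", "openssh")]

# Constructed CVE-to-CPE sample; only CVE-2023-25136 and openssh:openssh come from the PR.
SAMPLE_CVE_CPES = {
    "CVE-2023-25136": ["cpe:2.3:a:openssh:openssh:0.0:*:*:*:*:*:*:*"],
    "CVE-0000-0001": ["cpe:2.3:a:openbsd:openssh:0.0:*:*:*:*:*:*:*"],
    "CVE-0000-0002": ["cpe:2.3:a:example:other\\:tool:0.0:*:*:*:*:*:*:*", "not-a-cpe"],
}

if __name__ == "__main__":
    for (vendor, product), cves in unknown_pairs(KNOWN_PAIRS, SAMPLE_CVE_CPES).items():
        print(f"new CPE pair {vendor}:{product} seen in {', '.join(cves)}")
```

Once the new pair is added to the checker list, the same call returns an empty mapping, so a non-empty result can be treated as a warning in CI.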
