• libssh CVE-2023-6004, CVE-2023-6918, CVE-2023-48795

    From Sean Whitton@21:1/5 to All on Sun Dec 24 10:30:01 2023
    Hello,

    I have taken responsibility for fixing these CVEs in libssh in buster,
    as part of Freexian-funded LTS work. I would like to see if I can help
    get them fixed in bullseye & bookworm in parallel, to avoid a situation
    where they're fixed in buster but not fixed in releases to which LTS
    users might soon upgrade their machines.

    I see the fixes are all in sid. Are you expecting to issue DSAs for
    bullseye and bookworm? I would be grateful for some information on the
    sec team's plans for these fixes.

    Thanks!

    --
    Sean Whitton

