Hello Salvatore,

Salvatore Bonaccorso [2023-12-22 13:20 +0100]:
> > However, the fix for CVE-2023-6004 caused a regression:
> > https://gitlab.com/libssh/libssh-mirror/-/issues/227
> > I will monitor this, and include the fix in the security upload once it is
> > available (or presumably they'll do a 0.10.7). So if it's alright with you,
> > I'll delay the stable-security update for a few days.
>
> Right, it's not that pressing that we get updates out, so let's
> monitor this, have 0.10.7 uploaded and exposed as well then to
> unstable for a while and then look at bookworm-security. Btw, we will
> as well need bullseye-security.

Ack. The fix landed upstream, and they said they won't do a 0.10.7 immediately,
so I backported it and uploaded as 0.10.6-2 to sid. I threw the whole cockpit
integration test suite at it (which exercises libssh pretty thoroughly via
cockpit-ssh), and it is happy.

I'll let that simmer for a few days to let it go into testing, and prepare the
security updates soon.

Martin
