Bug#1059005: libssh2: CVE-2023-48795

2024-01-04 Thread Salvatore Bonaccorso
Hi Nicolas,

On Thu, Jan 04, 2024 at 03:38:29PM -0500, Nicolas Mora wrote:
> Hello,
>
> I've uploaded a new package with the patch for unstable, instead of
> waiting for the new upstream release. I didn't want the holidays and
> the new release process to delay the fix too much...

Thanks, have se

Bug#1059005: libssh2: CVE-2023-48795

2024-01-04 Thread Nicolas Mora
Hello, I've uploaded a new package with the patch for unstable, instead of waiting for the new upstream release. I didn't want the holidays and the new release process to delay the fix too much...

Bug#1059005: libssh2: CVE-2023-48795

2023-12-19 Thread Nicolas Mora
Hello, On 2023-12-19 at 15:13, Salvatore Bonaccorso wrote: I'll prepare a fix for unstable then, thanks! Looking from the commit activity in the upstream repository and last commits touching the release notes I guess upstream is finalizing a new release? If so it might be worth to just g

Bug#1059005: libssh2: CVE-2023-48795

2023-12-19 Thread Salvatore Bonaccorso
Hello,

On Tue, Dec 19, 2023 at 03:04:35PM -0500, Nicolas Mora wrote:
> Hello,
>
> On 2023-12-19 at 14:32, Salvatore Bonaccorso wrote:
> >
> > It's not the same version :).
> >
> > bookworm has 0.10.0 based version, whereas in testing and above we have
> > 1.11.0 based one. For bookworm and o

Bug#1059005: libssh2: CVE-2023-48795

2023-12-19 Thread Nicolas Mora
Hello, On 2023-12-19 at 14:32, Salvatore Bonaccorso wrote: It's not the same version :). bookworm has 0.10.0 based version, whereas in testing and above we have 1.11.0 based one. For bookworm and older there is no ChaCha20-Poly1305 and CBC-EtM support, which was only introduced after the 0.1

Bug#1059005: libssh2: CVE-2023-48795

2023-12-19 Thread Salvatore Bonaccorso
Hi Nicolas,

On Tue, Dec 19, 2023 at 01:35:50PM -0500, Nicolas Mora wrote:
> Hello, thanks for the notification!
>
> On 2023-12-19 at 03:26, Salvatore Bonaccorso wrote:
> > Source: libssh2
> > Version: 1.11.0-3
> > Severity: important
> > Tags: security upstream
> > Forwarded: https://github.c

Bug#1059005: libssh2: CVE-2023-48795

2023-12-19 Thread Nicolas Mora
Hello, thanks for the notification! On 2023-12-19 at 03:26, Salvatore Bonaccorso wrote: Source: libssh2 Version: 1.11.0-3 Severity: important Tags: security upstream Forwarded: https://github.com/libssh2/libssh2/issues/1290 X-Debbugs-Cc: car...@debian.org, Debian Security Team I've noticed

Bug#1059005: libssh2: CVE-2023-48795

2023-12-19 Thread Salvatore Bonaccorso
Source: libssh2
Version: 1.11.0-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/libssh2/libssh2/issues/1290
X-Debbugs-Cc: car...@debian.org, Debian Security Team

Hi,

The following vulnerability was published for libssh2.

CVE-2023-48795[0]:
| The SSH transport protoco