Bug#1059061: libssh: CVE-2023-6004

2023-12-28 Thread Salvatore Bonaccorso
Hi Martin, On Tue, Dec 26, 2023 at 10:01:44AM +0100, Martin Pitt wrote: > Hey Salvatore, > > Salvatore Bonaccorso [2023-12-25 20:50 +0100]: > > For tracking + archiving purpose it would be good if the debdiff can > > be attached here as well, but realize the size might be a bit off. > > Attachin

Bug#1059061: libssh: CVE-2023-6004

2023-12-25 Thread Salvatore Bonaccorso
Hi Martin, On Mon, Dec 25, 2023 at 11:25:18AM +0100, Martin Pitt wrote: > Hello Salvatore and all, > > Salvatore Bonaccorso [2023-12-22 20:34 +0100]: > > On Fri, Dec 22, 2023 at 04:39:46PM +0100, Martin Pitt wrote: > > > Salvatore Bonaccorso [2023-12-22 13:20 +0100]: > > > > > However, the fix fo

Bug#1059061: libssh: CVE-2023-6004

2023-12-25 Thread Martin Pitt
Martin Pitt [2023-12-25 11:25 +0100]: > The new upstream release plus regression fix have propagated to testing, to > Ubuntu devel, and also is progressing well into Fedora. By now the tests have > validated it enough for me to be confident in the fixes. > > I prepared the security update for Debia

Bug#1059061: libssh: CVE-2023-6004

2023-12-25 Thread Martin Pitt
Hello Salvatore and all, Salvatore Bonaccorso [2023-12-22 20:34 +0100]: > On Fri, Dec 22, 2023 at 04:39:46PM +0100, Martin Pitt wrote: > > Salvatore Bonaccorso [2023-12-22 13:20 +0100]: > > > > However, the fix for CVE-2023-6004 caused a regression: > > > > https://gitlab.com/libssh/libssh-mirror/

Bug#1059061: libssh: CVE-2023-6004

2023-12-22 Thread Salvatore Bonaccorso
Hi Martin, On Fri, Dec 22, 2023 at 04:39:46PM +0100, Martin Pitt wrote: > Hello Salvatore, > > Salvatore Bonaccorso [2023-12-22 13:20 +0100]: > > > However, the fix for CVE-2023-6004 caused a regression: > > > https://gitlab.com/libssh/libssh-mirror/-/issues/227 > > > I will monitor this, and inc

Bug#1059061: libssh: CVE-2023-6004

2023-12-22 Thread Martin Pitt
Hello Salvatore, Salvatore Bonaccorso [2023-12-22 13:20 +0100]: > > However, the fix for CVE-2023-6004 caused a regression: > > https://gitlab.com/libssh/libssh-mirror/-/issues/227 > > I will monitor this, and include the fix in the security upload once it is > > available (or presumably they'll d

Bug#1059061: libssh: CVE-2023-6004

2023-12-22 Thread Salvatore Bonaccorso
Hi Martin, On Fri, Dec 22, 2023 at 12:09:35PM +0100, Martin Pitt wrote: > Hello Salvatore, > > Salvatore Bonaccorso [2023-12-19 22:34 +0100]: > > The following vulnerability was published for libssh. > > > > CVE-2023-6004[0]: > > | ProxyCommand/ProxyJump features allow injection of malicious code

Bug#1059061: libssh: CVE-2023-6004

2023-12-22 Thread Martin Pitt
Hello Salvatore, Salvatore Bonaccorso [2023-12-19 22:34 +0100]: > The following vulnerability was published for libssh. > > CVE-2023-6004[0]: > | ProxyCommand/ProxyJump features allow injection of malicious code > | through hostname I uploaded the new upstream security fix release 0.10.6 to unsta

Bug#1059061: libssh: CVE-2023-6004

2023-12-19 Thread Salvatore Bonaccorso
Source: libssh
Version: 0.10.5-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team

Hi,

The following vulnerability was published for libssh.

CVE-2023-6004[0]:
| ProxyCommand/ProxyJump features allow injection of malicious code
| through hostname