[Git][security-tracker-team/security-tracker][master] libssh: Reference fixes from stable branch

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 18 20:17:58 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b7174d6 by Salvatore Bonaccorso at 2023-12-18T21:16:51+01:00
libssh: Reference fixes from stable branch

This is fixed both in 0.10.6 *and* 0.9.8 upstream. For now only
referncing the commits from the stable-0.10 branch. Same set of commits
exists in stable-0.9 branch.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -107,10 +107,10 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	NOTE: golang.org/x/crypto/ssh: https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
 	NOTE: golang.org/x/crypto/ssh: https://github.com/golang/go/issues/64784
 	NOTE: golang.org/x/crypto/ssh: https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d (v0.17.0)
-	NOTE: libssh: https://gitlab.com/libssh/libssh-mirror/-/commit/7ecc6a704ba30ef65a928742f140e0ee977c9dc4
-	NOTE: libssh: https://gitlab.com/libssh/libssh-mirror/-/commit/3876976cedb93450e0e2a4fc8125d05b99c7fe5a
-	NOTE: libssh: https://gitlab.com/libssh/libssh-mirror/-/commit/bdcdf920965f2fffc8e4ff8fc5675992eacf3891
-	NOTE: libssh: https://gitlab.com/libssh/libssh-mirror/-/commit/a8b9d1368724cb237743ebc98218b7fe713459c8
+	NOTE: libssh: https://gitlab.com/libssh/libssh-mirror/-/commit/4cef5e965a46e9271aed62631b152e4bd23c1e3c (libssh-0.10.6)
+	NOTE: libssh: https://gitlab.com/libssh/libssh-mirror/-/commit/0870c8db28be9eb457ee3d4f9a168959d9507efd (libssh-0.10.6)
+	NOTE: libssh: https://gitlab.com/libssh/libssh-mirror/-/commit/5846e57538c750c5ce67df887d09fa99861c79c6 (libssh-0.10.6)
+	NOTE: libssh: https://gitlab.com/libssh/libssh-mirror/-/commit/89df759200d31fc79fbbe213d8eda0d329eebf6d (libssh-0.10.6)
 	NOTE: OpenSSH: https://www.openwall.com/lists/oss-security/2023/12/18/2
 	NOTE: OpenSSH (strict key exchange): https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 (V_9_6_P1)
 	NOTE: paramiko: https://github.com/paramiko/paramiko/issues/2337
@@ -4708,23 +4708,23 @@ CVE-2023-6007 (The UserPro plugin for WordPress is vulnerable to unauthorized ac
 	NOT-FOR-US: WordPress plugin
 CVE-2023-6918
 	- libssh <unfixed>
-	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/a16f34c57a4034f940c557936fd9434976adabcf
-	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/10c200037a82218d43c30ff2fcda0af7fbe7168e
-	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/5c407d2f16ab76c3dbc8324b4138f405177219b6
-	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/59c00c66c4466bacaddf73dcd853ac1dac95ba39
-	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/b3de3a33352a78214a534005e3e4f0576dcc9e17
+	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/610d7a09f99c601224ae2aa3d3de7e75b1d284dd (libssh-0.10.6)
+	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/63ff242131c8e6d98917456f71f6d33b9ef3a763 (libssh-0.10.6)
+	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/8b66d037d575e5f3ce4d35964547ff8c7e75ff8e (libssh-0.10.6)
+	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/8977e246b6d7ae467cab008a49e0a9e3d84bc2a0 (libssh-0.10.6)
+	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/622421018b58392ffecc29726b947e089b678221 (libssh-0.10.6)
 CVE-2023-6004
 	- libssh <unfixed>
-	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/57ec9a35c612d416bfc045c48ccb69a5e9b57008
-	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/1dfde16f49076b255e6370f30abf9f03d48997be
-	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/b83368b2ed10a3d14344f374d9765d47d1d9f3f7
-	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/0ff85b034a04d45e79a79cd5666b348b5e27800d
-	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/2cd971e10e6244c6ffbfadbeba626ef998b4f78e
-	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/95c6f880ef1539635bb82a134f7b8a06a46887ca
-	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/7b697d711e2c8b88ca6e15e349caae2dff9cb442
-	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/92e35c291c9a5c6dbe742a2677bf377597f69cd7
-	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/2c92e8ce930a428a6fd150ae1ae55c5a365543f5
-	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/f353b39ff2c0e0db51f978f035ac976ff5377413
+	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/c2c56bacab00766d01671413321d564227aabf19 (libssh-0.10.6)
+	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/a66b4a6eae6614d200a3625862d77565b96a7cd3 (libssh-0.10.6)
+	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/8615c24647f773a5e04203c7459512715d698be1 (libssh-0.10.6)
+	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/c6180409677c765e6b9ae2b18a3a7a9671ac1dbe (libssh-0.10.6)
+	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/9bbb817c0c5434f03613d0783b2ef5f52235b901 (libssh-0.10.6)
+	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/22492b69bba22b102342afc574800d354a08e405 (libssh-0.10.6)
+	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/d7467498fd988949edde9c6384973250fd454a8b (libssh-0.10.6)
+	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/62d3101c1f76b6891b70c50154e0e934d6b8cb57 (libssh-0.10.6)
+	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/cea841d71c025f9c998b7d5fc9f2a2839df62921 (libssh-0.10.6)
+	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/2c492ee179d5caa2718c5e768bab6e0b2b64a8b0 (libssh-0.10.6)
 CVE-2023-5983 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 	NOT-FOR-US: Botanik Software Pharmacy Automation
 CVE-2023-5921 (Improper Enforcement of Behavioral Workflow vulnerability in DECE Soft ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b7174d6249950e7a3d63253b8a3677452229316

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b7174d6249950e7a3d63253b8a3677452229316
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231218/c3fd33fe/attachment.htm>

More information about the debian-security-tracker-commits mailing list