[Git][security-tracker-team/security-tracker][master] Add erlang for CVE-2023-48795

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 19 07:07:49 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80c613e8 by Salvatore Bonaccorso at 2023-12-19T08:07:08+01:00
Add erlang for CVE-2023-48795

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -101,6 +101,7 @@ CVE-2023-46447 [Rogue Session Attack in AsyncSSH]
 	NOTE: https://terrapin-attack.com/
 CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, found in O ...)
 	- dropbear <unfixed>
+	- erlang <unfixed>
 	- golang-go.crypto <unfixed>
 	- libssh <unfixed>
 	- libssh2 <unfixed>
@@ -112,6 +113,7 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	NOTE: https://terrapin-attack.com/
 	NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/3
 	NOTE: dropbear: https://github.com/mkj/dropbear/commit/6e43be5c7b99dbee49dc72b6f989f29fdd7e9356
+	NOTE: Erlang/OTP: https://github.com/erlang/otp/commit/ee67d46285394db95133709cef74b0c462d665aa (OTP-24.3.4.15, OTP-25.3.2.8, OTP-26.2.1)
 	NOTE: golang.org/x/crypto/ssh: https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
 	NOTE: golang.org/x/crypto/ssh: https://github.com/golang/go/issues/64784
 	NOTE: golang.org/x/crypto/ssh: https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d (v0.17.0)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80c613e85d0f408dbb11a1757feaf0da64db2208

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80c613e85d0f408dbb11a1757feaf0da64db2208
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231219/ac142e5c/attachment.htm>

More information about the debian-security-tracker-commits mailing list