[Git][security-tracker-team/security-tracker][master] Add tracking for jsch in CVE-2023-48795

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 19 18:20:37 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
12ad5711 by Salvatore Bonaccorso at 2023-12-19T19:20:22+01:00
Add tracking for jsch in CVE-2023-48795

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -191,6 +191,7 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	- dropbear <unfixed> (bug #1059001)
 	- erlang 1:25.3.2.8+dfsg-1 (bug #1059002)
 	- golang-go.crypto <unfixed> (bug #1059003)
+	- jsch <not-affected> (ChaCha20-Poly1305 support introduced in 0.1.61; *-EtM support introduced in 0.1.58)
 	- libssh <unfixed> (bug #1059004)
 	- libssh2 <unfixed> (bug #1059005)
 	[bookworm] - libssh2 <not-affected> (ChaCha20-Poly1305 and CBC-EtM support not present)
@@ -208,6 +209,8 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	NOTE: golang.org/x/crypto/ssh: https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
 	NOTE: golang.org/x/crypto/ssh: https://github.com/golang/go/issues/64784
 	NOTE: golang.org/x/crypto/ssh: https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d (v0.17.0)
+	NOTE: jsch: https://github.com/mwiede/jsch/issues/457
+	NOTE: jsch: https://github.com/norrisjeremy/jsch/commit/6214da974286a8b94a95f4cf6cec96e972ffd370 (jsch-0.2.15)
 	NOTE: libssh: https://gitlab.com/libssh/libssh-mirror/-/commit/4cef5e965a46e9271aed62631b152e4bd23c1e3c (libssh-0.10.6)
 	NOTE: libssh: https://gitlab.com/libssh/libssh-mirror/-/commit/0870c8db28be9eb457ee3d4f9a168959d9507efd (libssh-0.10.6)
 	NOTE: libssh: https://gitlab.com/libssh/libssh-mirror/-/commit/5846e57538c750c5ce67df887d09fa99861c79c6 (libssh-0.10.6)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12ad57117b8e3127f94880486f02db26095abcbc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12ad57117b8e3127f94880486f02db26095abcbc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231219/ab94306b/attachment.htm>

More information about the debian-security-tracker-commits mailing list