[Git][security-tracker-team/security-tracker][master] Drop unneeded note on consequences for tinyssh

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 21 19:24:50 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c9c146b by Salvatore Bonaccorso at 2023-12-21T20:24:03+01:00
Drop unneeded note on consequences for tinyssh

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -758,9 +758,9 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	NOTE: tinyssh: https://github.com/janmojzis/tinyssh/issues/81
 	NOTE: tinyssh: https://github.com/janmojzis/tinyssh/commit/ebaa1bd23c2c548af70cc8151e85c74f4c8594bb
 	NOTE: tinyssh: 20230101-4 implements kex-strict-s-v00 at openssh.com for the strict kex support. But
-	NOTE: since there is no support for EXT_INFO in tinyssh, even with the present chacha20-poly1305 at openssh.com
-	NOTE: encryption algorith, there is no downgrade of the connection security. An attack might result in
-	NOTE: hanging or breaking connction.
+	NOTE: tinyssh: since there is no support for EXT_INFO in tinyssh, even with the present
+	NOTE: tinyssh: chacha20-poly1305 at openssh.com encryption algorith, there is no downgrade of the
+	NOTE: tinyssh: connection security.
 CVE-2023-41314 (The api /api/snapshot and /api/get_log_file would allow unauthenticate ...)
 	NOT-FOR-US: Apache Doris
 CVE-2023-6909 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c9c146b319f10b4550f0e1bd8109fc6b06d27a5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c9c146b319f10b4550f0e1bd8109fc6b06d27a5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231221/aad21f0a/attachment.htm>

More information about the debian-security-tracker-commits mailing list