[Git][security-tracker-team/security-tracker][master] Track fixed version for libssh issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 22 15:27:14 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c708efe9 by Salvatore Bonaccorso at 2023-12-22T16:25:32+01:00
Track fixed version for libssh issues

Note: The issue for CVE-2023-6004 is marked explicitly as fixed even
though it still has a functional regression in IPv6 parsing, which is not
part of the CVE. Though any update in the stable and oldstable suites will
need to make sure the regression is fixed as well.

Martin Pitt will fix this for unstable once 0.10.7 is released, cf
https://bugs.debian.org/1059061

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1026,7 +1026,7 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	[bullseye] - erlang <no-dsa> (Minor issue)
 	- golang-go.crypto <unfixed> (bug #1059003)
 	- jsch <not-affected> (ChaCha20-Poly1305 support introduced in 0.1.61; *-EtM support introduced in 0.1.58)
-	- libssh <unfixed> (bug #1059004)
+	- libssh 0.10.6-1 (bug #1059004)
 	- libssh2 <unfixed> (bug #1059005)
 	[bookworm] - libssh2 <not-affected> (ChaCha20-Poly1305 and CBC-EtM support not present)
 	[bullseye] - libssh2 <not-affected> (ChaCha20-Poly1305 and CBC-EtM support not present)
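Review bot: The changed line `- libssh 0.10.6-1 (bug #1059004)` records only the unstable fixed version, and this hunk shows no `[bookworm]` or `[bullseye]` lines for libssh, unlike the erlang and libssh2 entries next to it. If the stable and oldstable status of libssh for CVE-2023-48795 has not been triaged yet, that is fine as a first step, but it would help to follow up with explicit per-suite lines so the entry does not rely on version comparison alone.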
@@ -5679,14 +5679,14 @@ CVE-2023-6008 (The UserPro plugin for WordPress is vulnerable to Cross-Site Requ
 CVE-2023-6007 (The UserPro plugin for WordPress is vulnerable to unauthorized access  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-6918 (A flaw was found in the libssh implements abstract layer for message d ...)
-	- libssh <unfixed> (bug #1059059)
+	- libssh 0.10.6-1 (bug #1059059)
 	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/610d7a09f99c601224ae2aa3d3de7e75b1d284dd (libssh-0.10.6)
 	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/63ff242131c8e6d98917456f71f6d33b9ef3a763 (libssh-0.10.6)
 	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/8b66d037d575e5f3ce4d35964547ff8c7e75ff8e (libssh-0.10.6)
 	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/8977e246b6d7ae467cab008a49e0a9e3d84bc2a0 (libssh-0.10.6)
 	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/622421018b58392ffecc29726b947e089b678221 (libssh-0.10.6)
 CVE-2023-6004
-	- libssh <unfixed> (bug #1059061)
+	- libssh 0.10.6-1 (bug #1059061)
 	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/c2c56bacab00766d01671413321d564227aabf19 (libssh-0.10.6)
 	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/a66b4a6eae6614d200a3625862d77565b96a7cd3 (libssh-0.10.6)
 	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/8615c24647f773a5e04203c7459512715d698be1 (libssh-0.10.6)
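Review bot: The CVE-2023-6004 entry is set to `- libssh 0.10.6-1 (bug #1059061)` without a NOTE recording the IPv6 parsing regression that the commit message describes. That caveat currently lives only in the commit message, so anyone preparing a stable or oldstable update from data/CVE/list alone will not see it. Consider adding a NOTE line under CVE-2023-6004 stating that the 0.10.6 fix carries a functional regression in IPv6 parsing and that backports need the follow-up fix as well, with a pointer to bug #1059061.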



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c708efe94f2019bfd62a92de806725032b1981d6
