[Git][security-tracker-team/security-tracker][master] Add filezilla for CVE-2023-48795

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 22 20:17:24 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
276cf84a by Salvatore Bonaccorso at 2023-12-22T21:17:04+01:00
Add filezilla for CVE-2023-48795

filezilla embedds putty. And the embedded copy of putty got updated to
support the strict kex from putty version in the upstream version
3.66.4.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1132,6 +1132,7 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	- erlang 1:25.3.2.8+dfsg-1 (bug #1059002)
 	[bookworm] - erlang <no-dsa> (Minor issue)
 	[bullseye] - erlang <no-dsa> (Minor issue)
+	- filezilla 3.66.4-1
 	- golang-go.crypto <unfixed> (bug #1059003)
 	- jsch <not-affected> (ChaCha20-Poly1305 support introduced in 0.1.61; *-EtM support introduced in 0.1.58)
 	- libssh 0.10.6-1 (bug #1059004)
@@ -1155,6 +1156,9 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/3
 	NOTE: dropbear: https://github.com/mkj/dropbear/commit/6e43be5c7b99dbee49dc72b6f989f29fdd7e9356
 	NOTE: Erlang/OTP: https://github.com/erlang/otp/commit/ee67d46285394db95133709cef74b0c462d665aa (OTP-24.3.4.15, OTP-25.3.2.8, OTP-26.2.1)
+	NOTE: filezilla: https://svn.filezilla-project.org/filezilla?view=revision&revision=11047
+	NOTE: filezilla: https://svn.filezilla-project.org/filezilla?view=revision&revision=11048
+	NOTE: filezilla: https://svn.filezilla-project.org/filezilla?view=revision&revision=11049
 	NOTE: golang.org/x/crypto/ssh: https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
 	NOTE: golang.org/x/crypto/ssh: https://github.com/golang/go/issues/64784
 	NOTE: golang.org/x/crypto/ssh: https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d (v0.17.0)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/276cf84acf5b952f145fcac4bde84b9b62553fe3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/276cf84acf5b952f145fcac4bde84b9b62553fe3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231222/0927e25a/attachment.htm>

More information about the debian-security-tracker-commits mailing list