[Git][security-tracker-team/security-tracker][master] LTS: dla-needed.txt: Update libssh notes

Sean Whitton (@spwhitton) spwhitton at debian.org
Tue Feb 27 05:26:45 GMT 2024 


Sean Whitton pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b7238a53 by Sean Whitton at 2024-02-27T13:26:23+08:00
LTS: dla-needed.txt: Update libssh notes

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -147,14 +147,16 @@ libreswan
 --
 libssh
   NOTE: 20231219: Added by Front-Desk (ta)
-  NOTE: 20240225: Patches backported, tests pass.  The backport needs review.
-  NOTE: 20240225: I haven't yet tested that Terrapin is actually mitigated.
-  NOTE: 20240225: Upstream have provided some input on doing that:
-  NOTE: 20240225: <https://archive.libssh.org/libssh/2024-01/0000000.html>.
-  NOTE: 20240225: I've asked upstream whether it's okay to restore the evp
-  NOTE: 20240225: functions and types (commit 3eb99562):
-  NOTE: 20240225: <https://archive.libssh.org/libssh/2024-02/0000007.html>
+  NOTE: 20240225: Patches backported, tests pass.  Backports needs review.
+  NOTE: 20240225: Re CVE-2023-48795: untested that Terrapin is actually
+  NOTE: 20240225: mitigated.  Upstream have provided some input on doing that:
+  NOTE: 20240225: <https://archive.libssh.org/libssh/2024-01/0000000.html>
   NOTE: 20240225: (spwhitton).
+  NOTE: 20240227: Re CVE-2023-6918: commit 3eb99562 is simply to fix
+  NOTE: 20240227: the build.  It is currently unknown whether it is safe.
+  NOTE: 20240225: Upstream have provided some feedback on the issue:
+  NOTE: 20240225: <https://archive.libssh.org/libssh/2024-02/0000009.html>
+  NOTE: 20240227: (spwhitton).
 --
 libstb
   NOTE: 20231029: Added by Front-Desk (gladk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7238a53194e0107abed16621b117a0dd3dc531d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7238a53194e0107abed16621b117a0dd3dc531d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240227/10203b9e/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list