Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.bugs.dist > #1292598

Bug#1135907: paramiko: CVE-2026-44405

From Salvatore Bonaccorso <carnil@debian.org>
Newsgroups linux.debian.bugs.dist
Subject Bug#1135907: paramiko: CVE-2026-44405
Date 2026-05-07 11:30 +0200
Message-ID <MS3dn-3f68-1@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Show all headers | View raw

Source: paramiko
Version: 4.0.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for paramiko.

CVE-2026-44405[0]:
| In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1
| algorithm.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-44405
    https://www.cve.org/CVERecord?id=CVE-2026-44405
[1] https://github.com/paramiko/paramiko/commit/a4489456b6f65281e172380cc4826cee5e851dbb

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Back to linux.debian.bugs.dist | Previous | Next | Find similar

Thread

Bug#1135907: paramiko: CVE-2026-44405 Salvatore Bonaccorso <carnil@debian.org> - 2026-05-07 11:30 +0200

csiph-web