Groups | Search | Server Info | Keyboard shortcuts | Login | Register
Groups > linux.debian.maint.java > #12930
| From | Andreas Tille <andreas@an3as.eu> |
|---|---|
| Newsgroups | linux.debian.bugs.dist, linux.debian.maint.java |
| Subject | Bug#1059294: trilead-ssh2: CVE-2023-48795 |
| Date | 2025-02-18 17:30 +0100 |
| Message-ID | <KhyDT-aIt-21@gated-at.bofh.it> (permalink) |
| References | <HNN8t-fjnQ-7@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
Cross-posted to 2 groups.
Hi,
since trilead-ssh2 came up as a candidate for the Bug of the Day[1]. I
realised the watch file was outdated and pointed it to Github where a
long series of newer releases was tagged. Unfortunately the version
string is a bit unfortunate and we might need an epoch most probably.
I found some workaround without this for the moment but I'd recommend
to find a better solution.
Upstream does *not* mention CVE-2023-48795 inside the code and the Git
log. However, the log mentions CVE-2021-22569 - so its probably worth
uploading the latest version anyway and ping upstream about
CVE-2023-48795.
Unfortunately its not that simple to build the new upstream version. As
you can see in Salsa CI[2] it seems we need two new Build-Depends. Thus
for the moment I simply updated the metadata of the package and hope
someone else will catch up from here.
Kind regards
Andreas.
[1] https://salsa.debian.org/tille/tiny_qa_tools/-/wikis/Tiny-QA-tasks#bug-of-the-day
[2] https://salsa.debian.org/java-team/trilead-ssh2/-/jobs/7114202#L1665
--
https://fam-tille.de
Back to linux.debian.maint.java | Previous | Next | Find similar
Bug#1059294: trilead-ssh2: CVE-2023-48795 Andreas Tille <andreas@an3as.eu> - 2025-02-18 17:30 +0100
csiph-web