Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.maint.java > #12930
| Path | csiph.com!fu-berlin.de!bofh.it!news.nic.it!robomod |
|---|---|
| From | Andreas Tille <andreas@an3as.eu> |
| Newsgroups | linux.debian.bugs.dist, linux.debian.maint.java |
| Subject | Bug#1059294: trilead-ssh2: CVE-2023-48795 |
| Date | Tue, 18 Feb 2025 17:30:01 +0100 |
| Message-ID | <KhyDT-aIt-21@gated-at.bofh.it> (permalink) |
| References | <HNN8t-fjnQ-7@gated-at.bofh.it> |
| X-Original-To | 1059294@bugs.debian.org, debian-java@lists.debian.org |
| X-Mailbox-Line | From debian-bugs-dist-request@lists.debian.org Tue Feb 18 16:24:07 2025 |
| Old-Return-Path | <debbugs@buxtehude.debian.org> |
| X-Spam-Flag | NO |
| X-Spam-Score | -3.751 |
| Reply-To | Andreas Tille <andreas@an3as.eu>, 1059294@bugs.debian.org |
| Resent-To | debian-bugs-dist@lists.debian.org |
| Resent-Cc | Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> |
| X-Debian-Pr-Message | followup 1059294 |
| X-Debian-Pr-Package | src:trilead-ssh2 |
| X-Debian-Pr-Keywords | upstream security |
| X-Debian-Pr-Source | trilead-ssh2 |
| MIME-Version | 1.0 |
| Content-Type | text/plain; charset=us-ascii |
| Content-Disposition | inline |
| X-Debian-Message | from BTS |
| X-Mailing-List | <debian-bugs-dist@lists.debian.org> archive/latest/1887872 |
| List-ID | <debian-bugs-dist.lists.debian.org> |
| List-URL | <https://lists.debian.org/debian-bugs-dist/> |
| Approved | robomod@news.nic.it |
| Lines | 27 |
| Organization | linux.* mail to news gateway |
| Sender | robomod@news.nic.it |
| X-Original-Cc | Package Salvaging Team <team+salvage@tracker.debian.org> |
| X-Original-Date | Tue, 18 Feb 2025 17:21:55 +0100 |
| X-Original-Message-ID | <Z7Szo92NoyKWf6og@an3as.eu> |
| X-Original-References | <ZYWEGQnz45nEkj2A@pisco.westfalen.local> |
| Xref | csiph.com linux.debian.bugs.dist:1233880 linux.debian.maint.java:12930 |
Cross-posted to 2 groups.
Show key headers only | View raw
Hi,
since trilead-ssh2 came up as a candidate for the Bug of the Day[1]. I
realised the watch file was outdated and pointed it to Github where a
long series of newer releases was tagged. Unfortunately the version
string is a bit unfortunate and we might need an epoch most probably.
I found some workaround without this for the moment but I'd recommend
to find a better solution.
Upstream does *not* mention CVE-2023-48795 inside the code and the Git
log. However, the log mentions CVE-2021-22569 - so its probably worth
uploading the latest version anyway and ping upstream about
CVE-2023-48795.
Unfortunately its not that simple to build the new upstream version. As
you can see in Salsa CI[2] it seems we need two new Build-Depends. Thus
for the moment I simply updated the metadata of the package and hope
someone else will catch up from here.
Kind regards
Andreas.
[1] https://salsa.debian.org/tille/tiny_qa_tools/-/wikis/Tiny-QA-tasks#bug-of-the-day
[2] https://salsa.debian.org/java-team/trilead-ssh2/-/jobs/7114202#L1665
--
https://fam-tille.de
Back to linux.debian.maint.java | Previous | Next | Find similar
Bug#1059294: trilead-ssh2: CVE-2023-48795 Andreas Tille <andreas@an3as.eu> - 2025-02-18 17:30 +0100
csiph-web