Control: tag -1 confirmed On Fri, May 19, 2023 at 12:11:17AM +0100, Samuel Henrique wrote: > [ Reason ] > * Backport upstream patches to fix 5 CVEs: > - CVE-2023-27533: TELNET option IAC injection > - CVE-2023-27534: SFTP path ~ resolving discrepancy > - CVE-2023-27535: FTP too eager connection reuse > - CVE-2023-27536: GSS delegation too eager connection re-use > - CVE-2023-27538: SSH connection too eager reuse still > * d/p/add_Curl_timestrcmp.patch: New patch to backport Curl_timestrcmp(), > required for CVE-2023-27535.
Please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1