Tags: security upstream
the following vulnerability was published for paramiko.
| transport.py in the SSH server implementation of Paramiko before
| 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5,
| 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not
| properly check whether authentication is completed before processing
| other requests, as demonstrated by channel-open. A customized SSH
| client can simply skip the authentication step.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see: