Package: tkey-ssh-agent
Version: 1.0.0+ds-6
X-Debbugs-CC: [email protected]
Tags: security

This is a bug to track the security vulnerability described here:

https://github.com/tillitis/tkeyclient/security/advisories/GHSA-4w7r-3222-8h6v

The vulnerability is in the golang-github-tillitis-tkeyclient library;
however, upstream updated tkey-ssh-agent to implement a more clever
upgrade path that fixes things for vulnerable users but does not
invalidate all private keys for unaffected users.

I think merely updating tkeyclient (and rebuilding old tkey-ssh-agent)
would be bad.  Both packages should be updated if any security update is
to be prepared.

See also: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131010

/Simon
