Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7d4f068e by Salvatore Bonaccorso at 2023-12-20T13:38:04+01:00
Slightly re-arrange notes and more consistent ordering of source packages
- - - - -
22ef534f by Salvatore Bonaccorso at 2023-12-20T13:44:16+01:00
Reference backport to 1.3.8 series for proftpd commit for CVE-2023-48795
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -494,9 +494,9 @@ CVE-2023-48795 (The SSH transport protocol with certain
OpenSSH extensions, foun
[buster] - libssh2 <not-affected> (ChaCha20-Poly1305 and CBC-EtM
support not present)
- openssh 1:9.6p1-1
- paramiko <unfixed> (bug #1059006)
- - putty 0.80-1
- proftpd-dfsg <unfixed>
- proftpd-mod-proxy <unfixed>
+ - putty 0.80-1
- python-asyncssh <unfixed> (bug #1059007)
- tinyssh <unfixed> (bug #1059058)
- trilead-ssh2 <unfixed>
@@ -519,6 +519,10 @@ CVE-2023-48795 (The SSH transport protocol with certain
OpenSSH extensions, foun
NOTE: OpenSSH: https://www.openwall.com/lists/oss-security/2023/12/18/2
NOTE: OpenSSH (strict key exchange):
https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5
(V_9_6_P1)
NOTE: paramiko: https://github.com/paramiko/paramiko/issues/2337
+ NOTE: proftpd: https://github.com/proftpd/proftpd/issues/1760
+ NOTE: proftpd:
https://github.com/proftpd/proftpd/commit/7fba68ebb3ded3047a35aa639e115eba7d585682
(v1.3.9rc2)
+ NOTE: proftpd:
https://github.com/proftpd/proftpd/commit/bcec15efe6c53dac40420731013f1cd2fd54123b
(v1.3.8b)
+ NOTE: proftpd-mod-proxy:
https://github.com/Castaglia/proftpd-mod_proxy/issues/257
NOTE: PuTTY:
https://git.tartarus.org/?p=simon/putty.git;a=commit;h=9e099151574885f3c717ac10a633a9218db8e7bb
(0.80)
NOTE: PuTTY:
https://git.tartarus.org/?p=simon/putty.git;a=commit;h=f2e7086902b3605c96e54ef9c956ca7ab000010e
(0.80)
NOTE: PuTTY:
https://git.tartarus.org/?p=simon/putty.git;a=commit;h=9fcbb86f715bc03e58921482efe663aa0c662d62
(0.80)
@@ -527,12 +531,9 @@ CVE-2023-48795 (The SSH transport protocol with certain
OpenSSH extensions, foun
NOTE: PuTTY:
https://git.tartarus.org/?p=simon/putty.git;a=commit;h=0b00e4ce26d89cd010e31e66fd02ac77cb982367
(0.80)
NOTE: PuTTY:
https://git.tartarus.org/?p=simon/putty.git;a=commit;h=fdc891d17063ab26cf68c74245ab1fd9771556cb
(0.80)
NOTE: PuTTY:
https://git.tartarus.org/?p=simon/putty.git;a=commit;h=b80a41d386dbfa1b095c17bd2ed001477f302d46
(0.80)
- NOTE: tinyssh: https://github.com/janmojzis/tinyssh/issues/81
NOTE: asyncssh:
https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55
NOTE: asyncssh:
https://github.com/ronf/asyncssh/commit/0bc73254f41acb140187e0c89606311f88de5b7b
(v2.14.2)
- NOTE: proftpd: https://github.com/proftpd/proftpd/issues/1760
- NOTE: proftpd:
https://github.com/proftpd/proftpd/commit/7fba68ebb3ded3047a35aa639e115eba7d585682
(v1.3.9rc2)
- NOTE: proftpd-mod-proxy:
https://github.com/Castaglia/proftpd-mod_proxy/issues/257
+ NOTE: tinyssh: https://github.com/janmojzis/tinyssh/issues/81
CVE-2023-41314 (The api /api/snapshot and /api/get_log_file would allow
unauthenticate ...)
NOT-FOR-US: Apache Doris
CVE-2023-6909 (Path Traversal: '\..\filename' in GitHub repository
mlflow/mlflow prio ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dede44ed820a5c333abbc956e131a8821c27cf3c...22ef534f9b2ad47f4f6fac3b6191ef8d045591d8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dede44ed820a5c333abbc956e131a8821c27cf3c...22ef534f9b2ad47f4f6fac3b6191ef8d045591d8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
