[Git][security-tracker-team/security-tracker][master] Add filezilla for CVE-2023-48795

Fri, 22 Dec 2023 12:17:41 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
276cf84a by Salvatore Bonaccorso at 2023-12-22T21:17:04+01:00
Add filezilla for CVE-2023-48795

filezilla embedds putty. And the embedded copy of putty got updated to
support the strict kex from putty version in the upstream version
3.66.4.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1132,6 +1132,7 @@ CVE-2023-48795 (The SSH transport protocol with certain 
OpenSSH extensions, foun
        - erlang 1:25.3.2.8+dfsg-1 (bug #1059002)
        [bookworm] - erlang <no-dsa> (Minor issue)
        [bullseye] - erlang <no-dsa> (Minor issue)
+       - filezilla 3.66.4-1
        - golang-go.crypto <unfixed> (bug #1059003)
        - jsch <not-affected> (ChaCha20-Poly1305 support introduced in 0.1.61; 
*-EtM support introduced in 0.1.58)
        - libssh 0.10.6-1 (bug #1059004)
@@ -1155,6 +1156,9 @@ CVE-2023-48795 (The SSH transport protocol with certain 
OpenSSH extensions, foun
        NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/3
        NOTE: dropbear: 
https://github.com/mkj/dropbear/commit/6e43be5c7b99dbee49dc72b6f989f29fdd7e9356
        NOTE: Erlang/OTP: 
https://github.com/erlang/otp/commit/ee67d46285394db95133709cef74b0c462d665aa 
(OTP-24.3.4.15, OTP-25.3.2.8, OTP-26.2.1)
+       NOTE: filezilla: 
https://svn.filezilla-project.org/filezilla?view=revision&revision=11047
+       NOTE: filezilla: 
https://svn.filezilla-project.org/filezilla?view=revision&revision=11048
+       NOTE: filezilla: 
https://svn.filezilla-project.org/filezilla?view=revision&revision=11049
        NOTE: golang.org/x/crypto/ssh: 
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
        NOTE: golang.org/x/crypto/ssh: https://github.com/golang/go/issues/64784
        NOTE: golang.org/x/crypto/ssh: 
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
 (v0.17.0)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/276cf84acf5b952f145fcac4bde84b9b62553fe3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/276cf84acf5b952f145fcac4bde84b9b62553fe3
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to