Thank you very much! I updated my packages of libssh to version 0.10.6-1 for CYGWIN into my repo: https://github.com/carlo-bramini/packages-cygwin/tree/main/libssh
Sincerely, Carlo Bramini. > Il 18/12/2023 21:54 CET Jakub Jelen <jje...@redhat.com> ha scritto: > > > The two new releases of libssh 0.9 and 0.10 address the following > security issues: > > * CVE-2023-6004: Command Injection using malicious hostname in > expanded proxycommand. More details can be found in the advisory. > * CVE-2023-48795: Avoid potential downgrade attacks by implementing > strict kex. More details can be found in the advisory. > * CVE-2023-6918: Avoid potential use of weak keys in low memory > conditions by systematically checking return values of MD functions. > More details can be found in the advisory. > > In addition the 0.10 version contains several bugfixes and backports. > For full list, see the changelog below. > > If you are new to libssh you should read our tutorial how to get > started. Please join our mailing list or visit Matrix channel if you > have questions. > > You can read the full advisories, changelog and download updated > libssh on the following announcement post: > > https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/
