Thank you for the update of cygwin! Note that 0.10.6 had a regression in IPv6 parsing, as mentioned in the updated announcement on the blog (but not yet mentioned here). So please consider also pulling the fix for the following issue:

https://gitlab.com/libssh/libssh-mirror/-/issues/227

Jakub

On Mon, Dec 25, 2023 at 2:12 PM Carlo Bramini <[email protected]> wrote:
>
> Thank you very much!
> I updated my packages of libssh to version 0.10.6-1 for CYGWIN into my repo:
> https://github.com/carlo-bramini/packages-cygwin/tree/main/libssh
>
> Sincerely,
>
> Carlo Bramini.
>
> > On 18/12/2023 21:54 CET Jakub Jelen <[email protected]> wrote:
> >
> >
> > The two new releases of libssh 0.9 and 0.10 address the following
> > security issues:
> >
> > * CVE-2023-6004: Command Injection using malicious hostname in
> > expanded proxycommand. More details can be found in the advisory.
> > * CVE-2023-48795: Avoid potential downgrade attacks by implementing
> > strict kex. More details can be found in the advisory.
> > * CVE-2023-6918: Avoid potential use of weak keys in low memory
> > conditions by systematically checking return values of MD functions.
> > More details can be found in the advisory.
> >
> > In addition the 0.10 version contains several bugfixes and backports.
> > For full list, see the changelog below.
> >
> > If you are new to libssh you should read our tutorial how to get
> > started. Please join our mailing list or visit Matrix channel if you
> > have questions.
> >
> > You can read the full advisories, changelog and download updated
> > libssh on the following announcement post:
> >
> > https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/
>
