libssh CVE-2023-6004, CVE-2023-6918, CVE-2023-48795

To: debian-security@lists.debian.org
Cc: libssh@packages.debian.org, debian-lts@lists.debian.org
Subject: libssh CVE-2023-6004, CVE-2023-6918, CVE-2023-48795
From: Sean Whitton <spwhitton@spwhitton.name>
Date: Sun, 24 Dec 2023 09:12:04 +0000
Message-id: <[🔎] 87cyuwvuaj.fsf@zephyr.silentflame.com>

Hello,

I have taken responsibility for fixing these CVEs in libssh in buster,
as part of Freexian-funded LTS work.  I would like to see if I can help
get them fixed in bullseye & bookworm in parallel, to avoid a situation
where they're fixed in buster but not fixed in releases to which LTS
users might soon upgrade their machines.

I see the fixes are all in sid.  Are you expecting to issue DSAs for
bullseye and bookworm?  I would be grateful for some information on the
sec team's plans for these fixes.

Thanks!

-- 
Sean Whitton

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: libssh CVE-2023-6004, CVE-2023-6918, CVE-2023-48795
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Re: libssh CVE-2023-6004, CVE-2023-6918, CVE-2023-48795
  - From: Martin Pitt <mpitt@debian.org>

Prev by Date: Re: Security releases for ecosystems that use static linking
Next by Date: Re: libssh CVE-2023-6004, CVE-2023-6918, CVE-2023-48795
Previous by thread: Re: Security releases for ecosystems that use static linking
Next by thread: Re: libssh CVE-2023-6004, CVE-2023-6918, CVE-2023-48795
Index(es):
- Date
- Thread