[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

libssh CVE-2023-6004, CVE-2023-6918, CVE-2023-48795


I have taken responsibility for fixing these CVEs in libssh in buster,
as part of Freexian-funded LTS work.  I would like to see if I can help
get them fixed in bullseye & bookworm in parallel, to avoid a situation
where they're fixed in buster but not fixed in releases to which LTS
users might soon upgrade their machines.

I see the fixes are all in sid.  Are you expecting to issue DSAs for
bullseye and bookworm?  I would be grateful for some information on the
sec team's plans for these fixes.


Sean Whitton

Attachment: signature.asc
Description: PGP signature

Reply to: