
Re: libssh CVE-2023-6004, CVE-2023-6918, CVE-2023-48795

[ You missed the correct mailing list. debian-security is _not_
  the correct way to reach the security team, fixing ]

On Sun, Dec 24, 2023 at 09:12:04AM +0000, Sean Whitton wrote:
> Hello,
> I have taken responsibility for fixing these CVEs in libssh in buster,
> as part of Freexian-funded LTS work.  I would like to see if I can help
> get them fixed in bullseye & bookworm in parallel, to avoid a situation
> where they're fixed in buster but not fixed in releases to which LTS
> users might soon upgrade their machines.
> I see the fixes are all in sid.  Are you expecting to issue DSAs for
> bullseye and bookworm?  I would be grateful for some information on the
> sec team's plans for these fixes.

There will be updates via s.d.i, but with some intentional delay to
first spot regressions based on the upload to sid.

