[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: libssh 0.10.6 and libssh 0.9.8 security releases
[Thread Prev] | [Thread Next]
- Subject: Re: libssh 0.10.6 and libssh 0.9.8 security releases
- From: Jakub Jelen <jjelen@xxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Tue, 2 Jan 2024 16:39:17 +0100
- To: libssh@xxxxxxxxxx
Hi, I see now the tags are there: https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.6 https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.6 Jakub On Wed, Dec 27, 2023 at 11:22 PM Norm Green <norm.green@xxxxxxxxxxxxxxxxxx> wrote: > > I am not seeing a release tag for 0.10.6 in > https://git.libssh.org/projects/libssh.git . > Is there supposed to be one? > > Norm Green > > On 12/25/2023 11:26 AM, Jakub Jelen wrote: > > Thank you for the update of cygwin! Note, that the 0.10.6 had a > > regression in IPv6 parsing as mentioned in the updated announcement on > > the blog (but not yet mentioned here). So please, consider pulling > > also the fix for following issue: > > > > https://gitlab.com/libssh/libssh-mirror/-/issues/227 > > > > Jakub > > > > On Mon, Dec 25, 2023 at 2:12 PM Carlo Bramini <carlo.bramix@xxxxxxxxx> wrote: > >> Thank you very much! > >> I updated my packages of libssh to version 0.10.6-1 for CYGWIN into my repo: > >> https://github.com/carlo-bramini/packages-cygwin/tree/main/libssh > >> > >> Sincerely, > >> > >> Carlo Bramini. > >> > >>> Il 18/12/2023 21:54 CET Jakub Jelen <jjelen@xxxxxxxxxx> ha scritto: > >>> > >>> > >>> The two new releases of libssh 0.9 and 0.10 address the following > >>> security issues: > >>> > >>> * CVE-2023-6004: Command Injection using malicious hostname in > >>> expanded proxycommand. More details can be found in the advisory. > >>> * CVE-2023-48795: Avoid potential downgrade attacks by implementing > >>> strict kex. More details can be found in the advisory. > >>> * CVE-2023-6918: Avoid potential use of weak keys in low memory > >>> conditions by systematically checking return values of MD functions. > >>> More details can be found in the advisory. > >>> > >>> In addition the 0.10 version contains several bugfixes and backports. > >>> For full list, see the changelog below. > >>> > >>> If you are new to libssh you should read our tutorial how to get > >>> started. Please join our mailing list or visit Matrix channel if you > >>> have questions. > >>> > >>> You can read the full advisories, changelog and download updated > >>> libssh on the following announcement post: > >>> > >>> https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ > > > >
Archive administrator: postmaster@lists.cynapses.org