libssh security announcements
- Subject: libssh security announcements
- From: Rolf Eike Beer <eb@xxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Tue, 23 Sep 2025 16:12:39 +0200
- To: libssh@xxxxxxxxxx
Hi all,

I recently came across your collection of security announcements at

https://www.libssh.org/security/advisories/

We look to get such information directly from the projects, as this is usually more accurate and often way faster than using the NVD data - which for example has not published any version information regarding CVE-2025-8277 yet, neither has cve.org regarding vanilla libssh versions.

When looking through your list of advisories I noticed that this is a nice writeup for a human audience, but automated handling would be hard as e.g. the version information is not easily available as well. The information is usually in the advisory, but the "Versions:" line has inconsistent format, e.g. compare CVE-2025-5449[1] to the more recent issues. And the earlier issues sometimes don't even list the fix version in those lines at all.

Would it be possible to come up with a version formatting that is consistent in all files and that is machine readable as well?

Just in case you want to stretch this to the limit, there is also a completely machine (but less human) readable format for those entries, as documented at:

https://github.com/CVEProject/cve-schema

Which brings me to libssh-2025-gex.txt in this directory[2][3]. Should I see this as an independent vulnerability description without CVE id or is this part of any other issue?

Thanks for your work.

Regards,

Eike

1) unrelated nitpick: "s/ on on / on /" for this one.
2) another nitpick: this is served without charset specification by your webserver, so the Umlauts in the reporter names are broken.
3) $VERSIONS appears in the text body, I suspect this should have been replaced with version numbers before publishing.

--
Rolf Eike Beer

emlix GmbH
Headquarters: Berliner Str. 12, 37073 Göttingen, Germany
Phone +49 (0)551 30664-0, e-mail info@xxxxxxxxx
District Court of Göttingen, Registry Number HR B 3160
Managing Directors: Heike Jordan, Dr. Uwe Kracke
VAT ID No. DE 205 198 055
Office Berlin: Panoramastr. 1, 10178 Berlin, Germany
Office Bonn: Bachstr. 6, 53115 Bonn, Germany

http://www.emlix.com
emlix - your embedded Linux partner
Attachment:
signature.asc
Description: This is a digitally signed message part.
Re: libssh security announcements | Jakub Jelen <jjelen@xxxxxxxxxx> |