[Bug 2066061] Re: Please merge paramiko 3.4.0-1 into Oracular

[Hector CAO]

The folowing Ubuntu changes are dropped:
- SECURITY UPDATE: Prefix truncation attack on BPP
    - debian/patches/CVE-2023-48795-*.patch: implement strict key
      exchange.
    - CVE-2023-48795
  These changes are backports from upstream and the new debian version contains these commits.
  Per consequence, no need anymore to apply them

- debian/patches/remove_six.patch
  This patch is dropped since it is in upstream

- debian/patches/fix_test_on_armhf.patch
  This patch is dropped because the file tests/test_transport.py is changed in the new version and
  this patch is not application neither necessary


** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-48795

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to paramiko in Ubuntu.
https://bugs.launchpad.net/bugs/2066061

Title:
  Please merge paramiko 3.4.0-1 into Oracular

Status in paramiko package in Ubuntu:
  In Progress

Bug description:
  paramiko
  Fri May  3 21:50:49 2024

  Below now follows the report of the automated merge of the Ubuntu
  changes to the paramiko source package against the new Debian version.

  Here are the particulars of the three versions of paramiko that were
  chosen for the merge.  The base is the newest version that is a common
  ancestor of both the Ubuntu and Debian packages.  It may be of a
  different upstream version, but that's not usually a problem.

  The files are the source package itself, and the patch from the common
  base to that version.

  base: 2.12.0-2
      paramiko_2.12.0-2.dsc
      paramiko_2.12.0.orig.tar.xz
      paramiko_2.12.0-2.debian.tar.xz

  ubuntu: 2.12.0-2ubuntu4
      paramiko_2.12.0-2ubuntu4.dsc
      paramiko_2.12.0.orig.tar.xz
      paramiko_2.12.0-2ubuntu4.debian.tar.xz

  base -> ubuntu
      paramiko_2.12.0-2ubuntu4.patch

  debian: 3.4.0-1
      paramiko_3.4.0-1.dsc
      paramiko_3.4.0.orig.tar.xz
      paramiko_3.4.0-1.debian.tar.xz

  base -> debian
      paramiko_3.4.0-1.patch

  
  Generated Result
  ================

  Due to conflict or error, it was not possible to automatically create
  a source package.  Instead the result of the merge has been placed
  into the following tar file which you will need to turn into a source
  package once the problems have been resolved.

      paramiko_3.4.0-1ubuntu1.src.tar.gz

  
  Conflicts
  =========

  In one or more cases, there were different changes made in both Ubuntu
  and Debian to the same file; these are known as conflicts.

  It is not possible for these to be automatically resolved, so this
  source needs human attention.

  Those files marked with 'C ' contain diff3 conflict markers, which can
  be resolved using the text editor of your choice.  Those marked with
  'C*' could not be merged that way, so you will find .UBUNTU and
  .DEBIAN files instead and should choose one of them or a combination
  of both, moving it to the real filename and deleting the other.

    C  debian/patches/series

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/paramiko/+bug/2066061/+subscriptions