[ubuntu/jammy-updates] python-asyncssh 2.5.0-1ubuntu0.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Mon Nov 18 09:28:19 UTC 2024
python-asyncssh (2.5.0-1ubuntu0.1) jammy-security; urgency=medium
* Fix unit test cases failures
- d/p/fix-test-dsa.patch: update DSA unit tests to not test
interoperability with OpenSSH
- d/p/fix-test-to-add-support-for-openssl-3.patch: add support for
running test on system with openssl 3.0 installed
* SECURITY UPDATE: message injection during handshake
- d/p/CVE-2023-46445-and-CVE-2023-46446.patch: additional restrictions
on when messages are accepted during the SSH handshake to avoid
message injection attacks from a rogue client or server.
- CVE-2023-46445
- CVE-2023-46446
* SECURITY UPDATE: Prefix truncation attack on BPP
- d/p/CVE-2023-48795.patch: implement "strict key exchange" in
connection.py
- CVE-2023-48795
Date: 2024-11-14 06:33:10.381924+00:00
Changed-By: Shishir Subedi <shishirsub10 at gmail.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/python-asyncssh/2.5.0-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list