Hi Martin,

On Fri, Dec 22, 2023 at 04:39:46PM +0100, Martin Pitt wrote:
> Hello Salvatore,
>
> Salvatore Bonaccorso [2023-12-22 13:20 +0100]:
> > > However, the fix for CVE-2023-6004 caused a regression:
> > > https://gitlab.com/libssh/libssh-mirror/-/issues/227
> > > I will monitor this, and include the fix in the security upload once it is
> > > available (or presumably they'll do a 0.10.7). So if it's alright with you,
> > > I'll delay the stable-security update for a few days.
> >
> > Right, it's not that pressing that we get updates out, so let's
> > monitor this, have 0.10.7 uploaded and exposed as well then to
> > unstable for a while and then look at bookworm-security. Btw, we will
> > as well need bullseye-security.
>
> Ack. The fix landed upstream, and they said they won't do a 0.10.7 immediately,
> so I backported it and uploaded as 0.10.6-2 to sid. I threw the whole cockpit
> integration test suite at it (which exercises libssh pretty thoroughly via
> cockpit-ssh), and it is happy.
>
> I'll let that simmer for a few days to let it go into testing, and prepare the
> security updates soon.

Thanks, that sounds good.

Regards,
Salvatore