-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 16 Apr 2024 16:14:32 +0200 Source: python-asyncssh Architecture: source Version: 2.10.1-2+deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: Debian Python Team <team+python@tracker.debian.org> Changed-By: Steve McIntyre <steve.mcintyre@pexip.com> Closes: 1059007 Changes: python-asyncssh (2.10.1-2+deb12u1) bookworm-security; urgency=medium . * Apply and tweak upstream security fix for CVE-2023-48795 Implement "strict kex" support to harden AsyncSSH against Terrapin Attack. Closes: #1059007 Checksums-Sha1: 8e66c0edb5a6bca17c1cc5a0001f86389ba5b75d 2461 python-asyncssh_2.10.1-2+deb12u1.dsc 29c59b8b0e95d37b4de8ab683ffd21b9056ea0f7 479790 python-asyncssh_2.10.1.orig.tar.gz 8d2720fd2edcc387f613e52e5dc75812dfef01fc 12956 python-asyncssh_2.10.1-2+deb12u1.debian.tar.xz cce421a8681b25eef2ad16d606c6a8a6fee47569 8198 python-asyncssh_2.10.1-2+deb12u1_source.buildinfo Checksums-Sha256: 371b4915cbffcf1da74a5f84ed57e6b197b84994cef26520530b4f73e8e2bc41 2461 python-asyncssh_2.10.1-2+deb12u1.dsc 6c58c999806b17d7cf654d995cebb7f2b918d17335ebc11226f5a0c1ea29d12f 479790 python-asyncssh_2.10.1.orig.tar.gz 46db643314fff2aeeab3d246fa1d63d7aa13200f016fb7278e0f6662c72f6052 12956 python-asyncssh_2.10.1-2+deb12u1.debian.tar.xz e10c3cd21a79f8c1b260c41c8a0edc0b4b6aded9035e22e4b85f867ba60b67c6 8198 python-asyncssh_2.10.1-2+deb12u1_source.buildinfo Files: 57b44875eb2cf9a534daa78f6fc3a357 2461 python optional python-asyncssh_2.10.1-2+deb12u1.dsc 1fc8fb88dd5fbfff4ea7710c7caa88e7 479790 python optional python-asyncssh_2.10.1.orig.tar.gz 7cadca266c1b12784e4fb366c22daec6 12956 python optional python-asyncssh_2.10.1-2+deb12u1.debian.tar.xz 750d5836c9861349c1f8c4f19438296e 8198 python optional python-asyncssh_2.10.1-2+deb12u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAma/ZxwACgkQEMKTtsN8 Tja2Cw/5Ae6E0Ljp5tgQ/6etFksJv4N8z0N2qQG7bJUnScka7OlqLGht7A4xtZmK R3d3BQfzKFQPXwief1XUWpUqYQ2mBwLqZozEWOvDbxShLmSWk9twQmVrCV9j1fm+ akBidcoFyNEhMNvNSoM4wxmOI/81ed4BdZQEV4Zr5Tge0PmriWkBicUjLw05G63v Krmwn/1lSIWKCX2Ln4sKr3uWlDc47g/W1MF7ADcxlUzutqb/S4EdT1WHCKTXgvCg e3tIxsJf/HwhMAbT8022XLmJT0xp211Rlci6PKx52zzusY7h12C+7XBWVhI1QLcz uLagZlofQAv7F5E5oMD4FKG3xntszVOIYfZ2i8f0uOw3Kx//AWHIFN3mVsM+hoMa /yt8AnK6iwICBq7FhjglffNoluB6OV7Zw8OFM3NtL6CZaGC4qczu8sydlsCR/Xi4 iW0fBTFNlIn7jot7MchBZ2W87Mz32GcBqEsSMW4i3AiQEINhVQG8lplV8crY7z0g DKOn682EteCBBjfENhLHP/UDj2SCNSKhDUZN7bOWLxWMWeOS/fenh5AdmoYGdADD qWmgxdfhNru/dP8zCoP/x5vyiCaXUVQzywYfd0EJ2FGXgKwlbkCuFkOpJ1sMaGZJ GHokG8m+Oe+UOFfYGUrtkp+LnyzfgJYhL4skD2xIJAUcbl0jQKg= =9J4t -----END PGP SIGNATURE-----