Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted python-asyncssh 2.5.0-0.1+deb11u1 (source) into oldstable-security
Date: Fri, 27 Sep 2024 19:40:19 +0000
Signed by: Daniel Leidert <dleidert@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 27 Sep 2024 20:11:18 +0200
Source: python-asyncssh
Architecture: source
Version: 2.5.0-0.1+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Closes: 1055999 1056000 1059007
Changes:
 python-asyncssh (2.5.0-0.1+deb11u1) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS Team.
   * debian/patches/CVE-2023-46445-and-CVE-2023-46446.patch: Add patch to fix
     CVE-2023-46445 and CVE-2023-46446 (Rogue Session Attack, Rogue Extension
     Negotiation):
     - Put additional restrictions on when messages are accepted during the
       SSH handshake to avoid message injection attacks from a rogue client
       or server (closes: #1055999, #1056000).
   * debian/patches/CVE-2023-48795.patch: Add patch to fix CVE-2023-48795.
     - Implement "strict kex" support and other countermeasures to protect
       against the Terrapin Attack described in CVE-2023-48795
       (closes: #1059007).
Checksums-Sha1:
 d3cf235a8005d1fe3a2546b410dedc19be1555e1 2443 python-asyncssh_2.5.0-0.1+deb11u1.dsc
 008224035562be86418dc126b18065cbb1889fb2 410782 python-asyncssh_2.5.0.orig.tar.gz
 5f594308bfa331670841e79af589e07b5081e9d3 14488 python-asyncssh_2.5.0-0.1+deb11u1.debian.tar.xz
 d22c7c288bec70a17fb2b8081e18c80ed1f2028e 8799 python-asyncssh_2.5.0-0.1+deb11u1_amd64.buildinfo
Checksums-Sha256:
 2804aefbcafd266427c70dca6f1e8c224204d5748261c4c26caabdcde14898e1 2443 python-asyncssh_2.5.0-0.1+deb11u1.dsc
 21368857bd72b5c507344efb302f4445c6872d4451e1cc65241b53ea676bd54f 410782 python-asyncssh_2.5.0.orig.tar.gz
 e8e9dcb1fa52d4d5bb0e326cfb9933cd304f8f9c0b6cd3d04dd5c8770c6c7bea 14488 python-asyncssh_2.5.0-0.1+deb11u1.debian.tar.xz
 3e96aa676aec97f3dfee8398e8749d23bcc59fc5799dcf5bb7395159dbd46b05 8799 python-asyncssh_2.5.0-0.1+deb11u1_amd64.buildinfo
Files:
 19603943d30de93c6fa17fbe307d3abe 2443 python optional python-asyncssh_2.5.0-0.1+deb11u1.dsc
 e867c57b149fd047b0525bc258cef372 410782 python optional python-asyncssh_2.5.0.orig.tar.gz
 ac10a187893abb9137f80d2a5c26987c 14488 python optional python-asyncssh_2.5.0-0.1+deb11u1.debian.tar.xz
 0a5e617dae73620d856f163ddd5e2061 8799 python optional python-asyncssh_2.5.0-0.1+deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmb3BecACgkQS80FZ8KW
0F1tTg/+JbZVLZW4ywL+V5eSMMjSJlSBjfUQUTrA2weqzKv8W+eF1EK/ke4zLm4/
l3qmTChZA9yaSFaCniy4a3623rVoX6EHoRtNbqemU327ZNUiGSOuAn4nR/Nf6v++
kAIorFXsANP3dWNlIk4foSKjxunFX80awx1/hlOzWP6MwjmIAAl+q83i+TV2dIDR
e2TOrBvQYIjmiHb6fPNpMVSDDKRX66XpuygHUmronmbwNurovn0bmuy2aoafxFPf
ELVWkV1a6M8tRCtMWvnSuHzLv19dr6HVjdIaJmbHD8RT3Mq1gKrxCDrLrv1rvpVC
pK+B/7XDhRXZOMflxnU1BmEjBZifgNuL1K+u2HC1+MUjowSLeitd9SuMHeLYE3ZA
Xzi2W2FsDnlc8flAqlZVX/w4Spxi2zi2W39sYJolWKTJoe/wwPNO7nPVJwYqA60h
TUPDuaLYA8OMjCVvuGApwFJqaM0YB7Iu4uolNmDT6189O3pgpgNyuqsC9ciI2fE6
1Ke9oxqhDXnpjFi/PrbxLCWW9vgt6PtfkSNMypFQBszgWck8/ND4vbHEc9Zpes0f
gVHHtHbBiMKctOgL6p/4uUHttMo/Nbd+GLpUBJBfEVRq/hBiwXNX6oSF4+CIo1xS
3cS7Ty0C8qtuASeOa1NVdJmpLobUY6VbtinGyjssOnd6YKTHopY=
=49SL
-----END PGP SIGNATURE-----

News for package python-asyncssh