Debian Package Tracker
Register | Log in
Subscribe

trilead-ssh2

Java SSH library

Choose email to subscribe with

general
  • source: trilead-ssh2 (main)
  • version: 6401+svn158-2
  • maintainer: Debian Java Maintainers (archive) (DMD)
  • uploaders: Emmanuel Bourg [DMD]
  • arch: all
  • std-ver: 4.7.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 6401+svn158-1
  • oldstable: 6401+svn158-1.1
  • stable: 6401+svn158-1.1
  • testing: 6401+svn158-2
  • unstable: 6401+svn158-2
versioned links
  • 6401+svn158-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 6401+svn158-1.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 6401+svn158-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libtrilead-ssh2-java
action needed
A new upstream version is available: 6401+x+333.v769a_63c2340e high
A new upstream version 6401+x+333.v769a_63c2340e is available, you should consider packaging it.
Created: 2025-02-19 Last update: 2025-05-28 04:01
1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:
  • CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
Created: 2023-12-20 Last update: 2025-04-23 10:32
Multiarch hinter reports 1 issue(s) normal
There are issues with the multiarch metadata for this package.
  • libtrilead-ssh2-java could be marked Multi-Arch: foreign
Created: 2016-09-14 Last update: 2025-05-28 03:03
1 bug tagged patch in the BTS normal
The BTS contains patches fixing 1 bug, consider including or untagging them.
Created: 2025-01-06 Last update: 2025-05-28 03:01
version in VCS is newer than in repository, is it time to upload? normal
vcswatch reports that this package seems to have a new changelog entry (version 6401+x+324.v1d9a-9f4d065e-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:
commit d1523c3fce22eeaeb00a4d8b5487aa6c57ef0f29
Author: Andreas Tille <tille@debian.org>
Date:   Tue Feb 18 17:11:09 2025 +0100

    Pristine-tar=true

commit cab21b37f19f80aad86f846364d555d8d615a0d1
Author: Andreas Tille <tille@debian.org>
Date:   Tue Feb 18 16:35:39 2025 +0100

    Mention new version as first entry

commit 6b2371189bf2e514766cf2b5a871631b2e26e432
Merge: fcf88e0 77daf6f
Author: Andreas Tille <tille@debian.org>
Date:   Tue Feb 18 16:34:36 2025 +0100

    Update upstream source from tag 'upstream/6401+x+324.v1d9a-9f4d065e'
    
    Update to upstream version '6401+x+324.v1d9a-9f4d065e'
    with Debian dir b45d37a19bea02d3ca9ea7ae33136d99ca0b89f0

commit fcf88e073a016d83fd135cb7442e4e1a75812389
Author: Andreas Tille <tille@debian.org>
Date:   Tue Feb 18 16:34:35 2025 +0100

    New upstream version

commit 77daf6fef02b91dfdc25e6587a3db199048b1c7e
Author: Andreas Tille <tille@debian.org>
Date:   Tue Feb 18 16:34:35 2025 +0100

    New upstream version 6401+x+324.v1d9a-9f4d065e

commit da1f07e7bef0bc4bd70fbd437a665285905801cb
Author: Andreas Tille <tille@debian.org>
Date:   Tue Feb 18 16:34:24 2025 +0100

    d/watch: No '_' in version
Created: 2021-01-01 Last update: 2025-05-27 12:04
lintian reports 3 warnings normal
Lintian reports 3 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2021-01-27 Last update: 2025-02-19 06:03
No known security issue in bookworm wishlist

There is 1 open security issue in bookworm.

1 ignored issue:
  • CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
Created: 2024-02-10 Last update: 2025-04-23 10:32
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).
Created: 2025-02-21 Last update: 2025-02-27 13:25
news
[rss feed]
  • [2025-02-24] trilead-ssh2 6401+svn158-2 MIGRATED to testing (Debian testing watch)
  • [2025-02-18] Accepted trilead-ssh2 6401+svn158-2 (source) into unstable (Andreas Tille)
  • [2021-01-07] trilead-ssh2 6401+svn158-1.1 MIGRATED to testing (Debian testing watch)
  • [2021-01-01] Accepted trilead-ssh2 6401+svn158-1.1 (source) into unstable (Holger Levsen)
  • [2015-04-27] trilead-ssh2 6401+svn158-1 MIGRATED to testing (Britney)
  • [2014-12-12] Accepted trilead-ssh2 6401+svn158-1 (source all) into unstable (Emmanuel Bourg)
  • [2014-04-20] trilead-ssh2 6401+svn158-0.1 MIGRATED to testing (Debian testing watch)
  • [2014-04-10] Accepted trilead-ssh2 6401+svn158-0.1 (source all) (Miguel Landaeta)
  • [2010-03-03] trilead-ssh2 6401-1 MIGRATED to testing (Debian testing watch)
  • [2010-02-20] Accepted trilead-ssh2 6401-1 (source all) (Matthew Johnson)
  • [2009-12-23] trilead-ssh2 211-3 MIGRATED to testing (Debian testing watch)
  • [2009-12-12] Accepted trilead-ssh2 211-3 (source all) (Matthew Johnson)
  • [2009-08-24] trilead-ssh2 211-2 MIGRATED to testing (Debian testing watch)
  • [2009-08-13] Accepted trilead-ssh2 211-2 (source all) (Matthew Johnson)
  • [2008-03-05] trilead-ssh2 211-1 MIGRATED to testing (Debian testing watch)
  • [2008-02-23] Accepted trilead-ssh2 211-1 (source all) (Matthew Johnson)
bugs [bug history graph]
  • all: 2
  • RC: 0
  • I&N: 1
  • M&W: 1
  • F&P: 0
  • patch: 1
links
  • homepage
  • lintian (0, 3)
  • buildd: logs, reproducibility
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 6401+svn158-2

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing