Adding patchinfo patchinfo.20240704202834160238.269002615871826

2024-07-17 15:00:44 +02:00 · 2024-07-17 15:00:44 +02:00 · 5fe3672f0e
commit 5fe3672f0e
parent 5ce73fcc15
1 changed files with 23 additions and 0 deletions
--- a/patchinfo.20240704202834160238.269002615871826/_patchinfo
+++ b/patchinfo.20240704202834160238.269002615871826/_patchinfo
@ -0,0 +1,23 @@
+<patchinfo>
+  <!-- generated from request(s) 337749 -->
+  <issue tracker="bnc" id="1217950">VUL-0: CVE-2023-48795: openssh: prefix truncation breaking ssh channel integrity aka Terrapin Attack</issue>
+  <issue tracker="bnc" id="1218215">VUL-0: CVE-2023-51385: openssh: command injection via user name or host name metacharacters</issue>
+  <issue tracker="bnc" id="1226642">VUL-0: CVE-2024-6387: openssh: regression of CVE-2006-5051</issue>
+  <issue tracker="cve" id="2023-48795"/>
+  <issue tracker="cve" id="2023-51385"/>
+  <issue tracker="cve" id="2024-6387"/>
+  <issue tracker="bnc" id="1227318">VUL-0: CVE-2024-39894: openssh: timing attacks against echo-off password entry</issue>
+  <issue tracker="cve" id="2024-39894"/>
+  <packager>alarrosa</packager>
+  <rating>critical</rating>
+  <category>security</category>
+  <summary>Security update for openssh</summary>
+  <description>This update for openssh fixes the following issues:
+
+- CVE-2024-39894: Fixed timing attacks against echo-off password entry (bsc#1227318)
+- CVE-2024-6387: Fixed race condition in a signal handler (bsc#1226642).
+</description>
+  <package>openssh</package>
+  <package>openssh:openssh-askpass-gnome</package>
+  <seperate_build_arch/>
+</patchinfo>