+++ This bug was initially created as a clone of Bug #32641 +++ That CVE was announced here: https://www.openwall.com/lists/oss-security/2023/12/18/3 https://www.openwall.com/lists/oss-security/2023/12/19/5 https://www.openwall.com/lists/oss-security/2023/12/20/3 Many SSH implementations that are packaged in Mageia are affected: <snip> - trilead-ssh2
Whiteboard: (none) => MGA9TOO
Assignee: bugsquad => pkg-bugs
CVE: (none) => CVE-2023-48795
Blocks: (none) => 32748
Blocks: 32748 => (none)
SUSE has issued an advisory today (March 22): https://lwn.net/Articles/966407/
Adding the flag: affects_mga9 + to all bugs with MGA9TOO on the whiteboard, without removing MGA9TOO (for now).
Flags: (none) => affects_mga9+
https://github.com/jenkinsci/trilead-ssh2/releases/tag/build-217-jenkins-274.276.v58da_75159cb_7 "Backport of Terrapin fix on top of build-217-jenkins-274.va_969b_d35f933." Was released on Mar 6, 2024.. We have only rebuilt an older version against java (2x) If no one maintains this package, can't it be obsoleted? only jsch-agent-proxy-trilead-ssh2 depends on it)
(In reply to Marja Van Waes from comment #3) > https://github.com/jenkinsci/trilead-ssh2/releases/tag/build-217-jenkins-274. > 276.v58da_75159cb_7 > > "Backport of Terrapin fix on top of build-217-jenkins-274.va_969b_d35f933." > > Was released on Mar 6, 2024.... > > > We have only rebuilt an older version against java (2x) > > If no one maintains this package, then obsolete it, only > jsch-agent-proxy-trilead-ssh2 depends on it) Remove it from the "Packages that need to be obsoleted for Mageia 10 release" tracker (bug 32127) if it gets fixed fast. Else jsch-agent-proxy-trilead-ssh2 and trilead-ssh2 need to be obsoleted.
Blocks: (none) => 32127
Fixed with trilead-ssh2-217-9.jenkins293.1.mga10!
Whiteboard: MGA9TOO => (none)Version: Cauldron => 9
Assigning to QA, Packages in 9/Core/Updates_testing: ====================== trilead-ssh2-217-8.jenkins293.1.mga9.noarch.rpm trilead-ssh2-javadoc-217-8.jenkins293.1.mga9.noarch.rpm From SRPMS trilead-ssh2-217-8.jenkins293.1.mga9.src.rpm
Assignee: pkg-bugs => qa-bugs
MGA9-64 server Plasma Wayland on Compaq H000SB No installation issues. No previous updates, no wiki, so # urpmq --whatrequires trilead-ssh2 jsch-agent-proxy-trilead-ssh2 svnkit trilead-ssh2 Wanting to test at least something, started googling, decided to install svnkit and svnkit-cli. Further search brought me to https://www.linode.com/docs/guides/subversion-svn-tutorial/ and https://www.linode.com/docs/guides/install-apache-subversion-ubuntu/ but the apache dependencies are probably in other packages for Mageia, so I am stuck there. As this is largely developers territory, and you judge clean install is OK, plse set the OK, you have my blessing.
CC: (none) => herman.viaene
Keywords: (none) => advisory
Thanks Herman
Whiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
(In reply to Marja Van Waes from comment #4) > > If no one maintains this package, then obsolete it, only > > jsch-agent-proxy-trilead-ssh2 depends on it) > > Remove it from the "Packages that need to be obsoleted for Mageia 10 > release" tracker (bug 32127) if it gets fixed fast. > > Else jsch-agent-proxy-trilead-ssh2 and trilead-ssh2 need to be obsoleted. No longer blocking bug 32127.
Blocks: 32127 => (none)
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2026-0066.html
Status: NEW => RESOLVEDResolution: (none) => FIXED