+++ This bug was initially created as a clone of Bug #32641 +++ That CVE was announced here: https://www.openwall.com/lists/oss-security/2023/12/18/3 https://www.openwall.com/lists/oss-security/2023/12/19/5 https://www.openwall.com/lists/oss-security/2023/12/20/3 ruby-net-ssh is likely affected, too, the net-ssh gem 7.2.0 for Ruby is listed in the Description here https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 However, I can't find a bug report about it, there is only one older security issue listed here: https://github.com/net-ssh/net-ssh/labels/security Nor anything in the 7.2.1 rc1 changelog about it being fixed https://github.com/net-ssh/net-ssh/blob/master/CHANGES.txt
CVE: (none) => CVE-2023-48795Assignee: bugsquad => pkg-bugsWhiteboard: (none) => MGA9TOO
Blocks: (none) => 32748
Blocks: 32748 => (none)