Source: python-asyncssh
Version: 1.11.1-1
Severity: grave
Tags: patch security upstream

Hi,

the following vulnerability was published for python-asyncssh. Although there should be no "servers" implemented in Debian depending on python3-asyncssh, I still chose an RC severity to have the fix certainly included in the next stable release (but expect that 1.12.1 lands soon anyhow in unstable).

CVE-2018-7749[0]:
| The SSH server implementation of AsyncSSH before 1.12.1 does not
| properly check whether authentication is completed before processing
| other requests. A customized SSH client can simply skip the
| authentication step.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-7749
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7749
[1] https://github.com/ronf/asyncssh/commit/c161e26cdc0d41b745b63d9f17b437f073bf7ba4

Regards,
Salvatore
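
The missing state check described in the CVE text, shown as an added example that is not part of the original report and is not AsyncSSH's code: a minimal model of a server-side packet dispatcher that refuses connection-layer messages until user authentication has succeeded. The names `ServerConnection`, `enforce_auth`, `replay` and `DEMO_USERS` are hypothetical; the message numbers and ranges are those assigned in RFC 4250.

```python
# Added illustration, not AsyncSSH code. Message number ranges follow RFC 4250.
import hmac
from dataclasses import dataclass, field

MSG_USERAUTH_REQUEST = 50
MSG_CHANNEL_OPEN = 90
DEMO_USERS = {"alice": "correct horse"}  # constructed credentials for the demo


class ProtocolError(Exception):
    """Peer sent a message that is not legal in the current connection state."""


@dataclass
class ServerConnection:
    enforce_auth: bool = True      # False models the behaviour the CVE describes
    authenticated: bool = False
    handled: list = field(default_factory=list)

    def process_packet(self, msgtype, payload=None):
        if 1 <= msgtype <= 49:
            return "transport"                     # kex, service request, etc.
        if 50 <= msgtype <= 79:
            return self._userauth(msgtype, payload)
        if 80 <= msgtype <= 127:
            # The check the advisory is about: connection-layer requests
            # (global requests, channel opens) are only legal after auth.
            if self.enforce_auth and not self.authenticated:
                raise ProtocolError(f"message {msgtype} before authentication")
            self.handled.append((msgtype, payload))
            return "connection"
        raise ProtocolError(f"unsupported message {msgtype}")

    def _userauth(self, msgtype, payload):
        if self.authenticated:
            return "ignored"       # RFC 4252: requests after success are ignored
        if msgtype == MSG_USERAUTH_REQUEST:
            user, password = payload
            expected = DEMO_USERS.get(user)
            self.authenticated = (expected is not None
                                  and hmac.compare_digest(expected, password))
        return "userauth"


def replay(conn, packets):
    """Feed (msgtype, payload) pairs to conn; return what it handled or the error."""
    try:
        for msgtype, payload in packets:
            conn.process_packet(msgtype, payload)
    except ProtocolError as exc:
        return f"rejected: {exc}"
    return conn.handled
```

A regression test for a server can use the same shape: replay a constructed session that contains no successful authentication and assert that nothing in the 80 to 127 range was dispatched.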