[jgit-dev] Vulnerability CVE-2023-48795

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jgit-dev] Vulnerability CVE-2023-48795

From: "Malyshkin, Denis" <dmalyshkin@xxxxxxxxxx>
Date: Tue, 2 Jan 2024 20:12:08 +0600
Delivered-to: jgit-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jgit-dev/>
List-help: <mailto:jgit-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jgit-dev>, <mailto:jgit-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jgit-dev>, <mailto:jgit-dev-request@eclipse.org?subject=unsubscribe>

Hello all,

There is a new vulnerability -- https://nvd.nist.gov/vuln/detail/CVE-2023-48795

According to the list of the affected libraries, the "Apache MINA sshd through 2.11.0" library is also affected.

Does this vulnerability affect JGit and/or JGit users somehow?

If yes, do you have plans to update the Apache Mina library? Do you have a ticket for this?

The corresponding Apache Mina ticket is still in progress yet -- https://github.com/apache/mina-sshd/issues/445

Best regards,
Denis Malyshkin,
Senior C++ Developer
of ISS Art, Ltd., Omsk, Russia.
Mobile Phone: +7 913 669 2896
Office tel/fax +7 3812 396959
Yahoo Messenger: dmalyshkin
Web: http://www.issart.com

E-mail: dmalyshkin@xxxxxxxxxx

Follow-Ups:
- Re: [jgit-dev] Vulnerability CVE-2023-48795
  - From: Thomas Wolf

Prev by Date: [jgit-dev] Issue tracking and wiki
Next by Date: Re: [jgit-dev] Vulnerability CVE-2023-48795
Previous by thread: [jgit-dev] Issue tracking and wiki
Next by thread: Re: [jgit-dev] Vulnerability CVE-2023-48795
Index(es):
- Date
- Thread

Breadcrumbs