Debian alert DLA-2184-1 (jsch)

From:
             
 
Thorsten Alteholz <debian@alteholz.de> 
To:
             
 
debian-lts-announce@lists.debian.org 
Subject:
             
 
[SECURITY] [DLA 2184-1] jsch security update 
Date:
             
 
Sat, 25 Apr 2020 19:25:49 +0200 (CEST)
Message-ID:
             
 
<alpine.DEB.2.20.2004251925081.12702@jupiter.server.alteholz.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : jsch
Version        : 0.1.51-1+deb8u1
CVE ID         : CVE-2016-5725


It was discovered that there was a path traversal vulnerability in jsch, a
pure Java implementation of the SSH2 protocol.


For Debian 8 "Jessie", this problem has been fixed in version
0.1.51-1+deb8u1.

We recommend that you upgrade your jsch packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl6kcp1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEc/2hAAiUg9Gk0MiYiGBycechOm+u8dXmYl2Wf5qH0K4dCpR8sIYHk6Xv+JbHj3
Utvxxt6zo/IVb0Sc6t5vq2W1ipihpUILpqIt/FykPdWymha3s7ecyLNcCE5qdzIS
fBH3ACrAfbrsCyN/s0xCvVKs/+OE2j0BWhqJIuRIxexKkSRg1lrtTvoTIoqSda0f
D51PL0R+OW3HlLNGYdUCCbX3bo1Cb21Tv89bf5cELRM9tpwimBztUlwk++rT/5yR
QG9IqtsWjyi83/Zk0v6HEOUBFEnUxzWY3pi+Gjz3tCYuByJnv9okR5RDB7vLCvNt
TjaGKRKQ2IWbPulmi2rRy2MEQl/I2OhjBMuBxMKgGCsVb6QUCy59CO+K5pcWG9yS
AWyw/TIOChP1vxpUe1JQ+QmkmID3QUg30ybOrOWawXILkM+D1FyEbluunV1Ex5mW
IhSrw9hhltPwOE8evBQYz+nZe4aqx6W/ZpVRfoBmUZCo4+PQg4sj+/gX8XhOhbmn
TUcxUZkk/xhY05onOaHYihO1duS6gjrjTBknN3DlCXJqTkgs0UHYRKx0DvD47gq6
Q7P9Bki6XA1jK2c+4X2ys8Wha98SWA8Zc9YNIMv0GBYjZC6aTzJcfdxcQTAwIxL0
EVs8BhJT042d1KCyFLvlsJrTisYAmUbnbmjb0vYM2jLzJZSGahU=
=9QWL
-----END PGP SIGNATURE-----