From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 35A60EB106D for ; Tue, 10 Mar 2026 15:13:30 +0000 (UTC) Subject: Re: [meta-openembedded][master][PATCH] libssh 0.11.3: Fix CVE-2026-3731 To: openembedded-devel@lists.openembedded.org From: "Deepak Rathore" X-Originating-Location: Mumbai, Maharashtra, IN (151.186.177.21) X-Originating-Platform: Windows Edge 145 User-Agent: GROUPS.IO Web Poster MIME-Version: 1.0 Date: Tue, 10 Mar 2026 08:13:25 -0700 References: <20260310121417.194408-1-deeratho@cisco.com> In-Reply-To: Message-ID: <86833.1773155605803464203@lists.openembedded.org> Content-Type: multipart/alternative; boundary="v1erJjoqWg16IqpA2N0g" List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 10 Mar 2026 15:13:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/125033 --v1erJjoqWg16IqpA2N0g Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi Gyorgy Sarvari, This CVE is fixed in libssh-0.12.0 tag and master branch which is major upg= rade for master branch. Please refer below URL: projects/libssh.git - libssh shared repository ( https://git.libssh.org/pro= jects/libssh.git/commit/?h=3Dlibssh-0.12.0&id=3D855a0853ad3abd4a6cd85ce06fc= e6d8d4c7a0b60 ) Please suggest if we can upgrade to libssh-0.12.0 release or not. Regards, Deepak --v1erJjoqWg16IqpA2N0g Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable
Hi Gyorgy Sarvari,
 
This CVE is fixed in libssh-0.12.0 tag and master branch which is majo= r upgrade for master branch. Please refer below URL:
 
Please suggest if we can upgrade to libssh-0.12.0 release or not.
 
Regards,
Deepak
--v1erJjoqWg16IqpA2N0g--