libssh 0.9.0-1ubuntu5 source package in Ubuntu
Changelog
libssh (0.9.0-1ubuntu5) focal; urgency=medium
* SECURITY UPDATE: unsanitized location in scp could lead to unwanted
command execution
- debian/patches/CVE-2019-14889-1.patch: add tests for SCP client in
tests/client/CMakeLists.txt, tests/client/torture_scp.c.
- debian/patches/CVE-2019-14889-2.patch: reformat code in scp/scp.c.
- debian/patches/CVE-2019-14889-3.patch: log SCP warnings received from
the server in src/scp.c.
- debian/patches/CVE-2019-14889-4.patch: add function to quote file
names in include/libssh/misc.h, src/misc.c.
- debian/patches/CVE-2019-14889-5.patch: add unit tests for
ssh_quote_file_name() in tests/unittests/torture_misc.c.
- debian/patches/CVE-2019-14889-6.patch: don't allow file path longer
than 32kb in src/scp.c.
- debian/patches/CVE-2019-14889-7.patch: quote location to be used on
shell in src/scp.c.
- CVE-2019-14889
-- Marc Deslauriers <email address hidden> Wed, 11 Dec 2019 09:48:38 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Focal
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- libs
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| libssh_0.9.0.orig.tar.xz | 476.2 KiB | 25303c2995e663cd169fdd902bae88106f48242d7e96311d74f812023482c7a5 |
| libssh_0.9.0-1ubuntu5.debian.tar.xz | 37.0 KiB | 9f95e62446289df0f47370b5e00e6784fde17c476b6aa439b553494c1adc0210 |
| libssh_0.9.0-1ubuntu5.dsc | 2.5 KiB | f1dfe8beea41c82c3f7aab10fad0074a5b2b503f88ee3a1159c6c96417fbf79b |
Available diffs
- diff from 0.9.0-1ubuntu4 to 0.9.0-1ubuntu5 (14.1 KiB)
Binary packages built by this source
- libssh-4: tiny C SSH library (OpenSSL flavor)
The ssh library was designed to be used by programmers needing a working SSH
implementation by the mean of a library. The complete control of the client
is made by the programmer. With libssh, you can remotely execute programs,
transfer files, use a secure and transparent tunnel for your remote programs.
With its SFTP implementation, you can play with remote files easily.
.
This package contains shared libraries linked against OpenSSL.
- libssh-4-dbgsym: debug symbols for libssh-4
- libssh-dev: tiny C SSH library - Development files (OpenSSL flavor)
The ssh library was designed to be used by programmers needing a working SSH
implementation by the mean of a library. The complete control of the client
is made by the programmer. With libssh, you can remotely execute programs,
transfer files, use a secure and transparent tunnel for your remote programs.
With its SFTP implementation, you can play with remote files easily.
.
This package contains development files to build the OpenSSL flavor.
- libssh-doc: tiny C SSH library - Documentation files
The ssh library was designed to be used by programmers needing a working SSH
implementation by the mean of a library. The complete control of the client
is made by the programmer. With libssh, you can remotely execute programs,
transfer files, use a secure and transparent tunnel for your remote programs.
With its SFTP implementation, you can play with remote files easily.
.
This package contains documentation files.
- libssh-gcrypt-4: tiny C SSH library (gcrypt flavor)
The ssh library was designed to be used by programmers needing a working SSH
implementation by the mean of a library. The complete control of the client
is made by the programmer. With libssh, you can remotely execute programs,
transfer files, use a secure and transparent tunnel for your remote programs.
With its SFTP implementation, you can play with remote files easily.
.
This package contains shared libraries linked against gcrypt.
- libssh-gcrypt-4-dbgsym: debug symbols for libssh-gcrypt-4
- libssh-gcrypt-dev: tiny C SSH library - Development files (gcrypt flavor)
The ssh library was designed to be used by programmers needing a working SSH
implementation by the mean of a library. The complete control of the client
is made by the programmer. With libssh, you can remotely execute programs,
transfer files, use a secure and transparent tunnel for your remote programs.
With its SFTP implementation, you can play with remote files easily.
.
This package contains development files to build the gcrypt flavor.
