libssh 0.8.6-3ubuntu0.3 source package in Ubuntu

Changelog

libssh (0.8.6-3ubuntu0.3) disco-security; urgency=medium

  * SECURITY UPDATE: unsanitized location in scp could lead to unwanted
    command execution
    - debian/patches/CVE-2019-14889-1.patch: reformat code in scp/scp.c.
    - debian/patches/CVE-2019-14889-2.patch: log SCP warnings received from
      the server in src/scp.c.
    - debian/patches/CVE-2019-14889-3.patch: add function to quote file
      names in include/libssh/misc.h, src/misc.c.
    - debian/patches/CVE-2019-14889-4.patch: don't allow file path longer
      than 32kb in src/scp.c.
    - debian/patches/CVE-2019-14889-5.patch: quote location to be used on
      shell in src/scp.c.
    - CVE-2019-14889

 -- Marc Deslauriers <email address hidden>  Tue, 10 Dec 2019 10:28:34 -0500

Upload details

Uploaded by:
Marc Deslauriers on 2019-12-10
Uploaded to:
Disco
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Disco updates on 2019-12-10 main libs
Disco security on 2019-12-10 main libs

Downloads

File Size SHA-256 Checksum
libssh_0.8.6.orig.tar.xz 423.5 KiB 1046b95632a07fc00b1ea70ee683072d0c8a23f544f4535440b727812002fd01
libssh_0.8.6-3ubuntu0.3.debian.tar.xz 35.6 KiB 2a83941a4b25e3fa72634620d1315734671eccddaa3404a7a41fe9a2d85d95b3
libssh_0.8.6-3ubuntu0.3.dsc 2.5 KiB 5180f894285191ba1ad0146dcb719588235c395755588e1d27767ea17a5ef802

View changes file

Binary packages built by this source

libssh-4: tiny C SSH library (OpenSSL flavor)

 The ssh library was designed to be used by programmers needing a working SSH
 implementation by the mean of a library. The complete control of the client
 is made by the programmer. With libssh, you can remotely execute programs,
 transfer files, use a secure and transparent tunnel for your remote programs.
 With its SFTP implementation, you can play with remote files easily.
 .
 This package contains shared libraries linked against OpenSSL.

libssh-4-dbgsym: debug symbols for libssh-4
libssh-dev: tiny C SSH library - Development files (OpenSSL flavor)

 The ssh library was designed to be used by programmers needing a working SSH
 implementation by the mean of a library. The complete control of the client
 is made by the programmer. With libssh, you can remotely execute programs,
 transfer files, use a secure and transparent tunnel for your remote programs.
 With its SFTP implementation, you can play with remote files easily.
 .
 This package contains development files to build the OpenSSL flavor.

libssh-doc: tiny C SSH library - Documentation files

 The ssh library was designed to be used by programmers needing a working SSH
 implementation by the mean of a library. The complete control of the client
 is made by the programmer. With libssh, you can remotely execute programs,
 transfer files, use a secure and transparent tunnel for your remote programs.
 With its SFTP implementation, you can play with remote files easily.
 .
 This package contains documentation files.

libssh-gcrypt-4: tiny C SSH library (gcrypt flavor)

 The ssh library was designed to be used by programmers needing a working SSH
 implementation by the mean of a library. The complete control of the client
 is made by the programmer. With libssh, you can remotely execute programs,
 transfer files, use a secure and transparent tunnel for your remote programs.
 With its SFTP implementation, you can play with remote files easily.
 .
 This package contains shared libraries linked against gcrypt.

libssh-gcrypt-4-dbgsym: debug symbols for libssh-gcrypt-4
libssh-gcrypt-dev: tiny C SSH library - Development files (gcrypt flavor)

 The ssh library was designed to be used by programmers needing a working SSH
 implementation by the mean of a library. The complete control of the client
 is made by the programmer. With libssh, you can remotely execute programs,
 transfer files, use a secure and transparent tunnel for your remote programs.
 With its SFTP implementation, you can play with remote files easily.
 .
 This package contains development files to build the gcrypt flavor.