libssh 0.9.0-1ubuntu1.3 source package in Ubuntu

Changelog

libssh (0.9.0-1ubuntu1.3) eoan-security; urgency=medium

  * SECURITY UPDATE: unsanitized location in scp could lead to unwanted
    command execution
    - debian/patches/CVE-2019-14889-1.patch: add tests for SCP client in
      tests/client/CMakeLists.txt, tests/client/torture_scp.c.
    - debian/patches/CVE-2019-14889-2.patch: reformat code in scp/scp.c.
    - debian/patches/CVE-2019-14889-3.patch: log SCP warnings received from
      the server in src/scp.c.
    - debian/patches/CVE-2019-14889-4.patch: add function to quote file
      names in include/libssh/misc.h, src/misc.c.
    - debian/patches/CVE-2019-14889-5.patch: add unit tests for
      ssh_quote_file_name() in tests/unittests/torture_misc.c.
    - debian/patches/CVE-2019-14889-6.patch: don't allow file path longer
      than 32kb in src/scp.c.
    - debian/patches/CVE-2019-14889-7.patch: quote location to be used on
      shell in src/scp.c.
    - CVE-2019-14889

 -- Marc Deslauriers <email address hidden>  Tue, 10 Dec 2019 10:24:44 -0500

Upload details

Uploaded by:
Marc Deslauriers on 2019-12-10
Uploaded to:
Eoan
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
libssh_0.9.0.orig.tar.xz 476.2 KiB 25303c2995e663cd169fdd902bae88106f48242d7e96311d74f812023482c7a5
libssh_0.9.0.orig.tar.xz.asc 833 bytes 376c3d17bd252290b911903cae6a0bacae7864194224d5bf6f3a0073baf7b83a
libssh_0.9.0-1ubuntu1.3.debian.tar.xz 36.9 KiB 0190581a542e68679606935a383161163c694cc5af1fbdb6f1a29edf6316e6b3
libssh_0.9.0-1ubuntu1.3.dsc 2.7 KiB c325283f9e4904fd6d909d0d28f371624f97fd09697656603003e64c1870dab1

View changes file

Binary packages built by this source

libssh-4: tiny C SSH library (OpenSSL flavor)

 The ssh library was designed to be used by programmers needing a working SSH
 implementation by the mean of a library. The complete control of the client
 is made by the programmer. With libssh, you can remotely execute programs,
 transfer files, use a secure and transparent tunnel for your remote programs.
 With its SFTP implementation, you can play with remote files easily.
 .
 This package contains shared libraries linked against OpenSSL.

libssh-4-dbgsym: debug symbols for libssh-4
libssh-dev: tiny C SSH library - Development files (OpenSSL flavor)

 The ssh library was designed to be used by programmers needing a working SSH
 implementation by the mean of a library. The complete control of the client
 is made by the programmer. With libssh, you can remotely execute programs,
 transfer files, use a secure and transparent tunnel for your remote programs.
 With its SFTP implementation, you can play with remote files easily.
 .
 This package contains development files to build the OpenSSL flavor.

libssh-doc: tiny C SSH library - Documentation files

 The ssh library was designed to be used by programmers needing a working SSH
 implementation by the mean of a library. The complete control of the client
 is made by the programmer. With libssh, you can remotely execute programs,
 transfer files, use a secure and transparent tunnel for your remote programs.
 With its SFTP implementation, you can play with remote files easily.
 .
 This package contains documentation files.

libssh-gcrypt-4: tiny C SSH library (gcrypt flavor)

 The ssh library was designed to be used by programmers needing a working SSH
 implementation by the mean of a library. The complete control of the client
 is made by the programmer. With libssh, you can remotely execute programs,
 transfer files, use a secure and transparent tunnel for your remote programs.
 With its SFTP implementation, you can play with remote files easily.
 .
 This package contains shared libraries linked against gcrypt.

libssh-gcrypt-4-dbgsym: debug symbols for libssh-gcrypt-4
libssh-gcrypt-dev: tiny C SSH library - Development files (gcrypt flavor)

 The ssh library was designed to be used by programmers needing a working SSH
 implementation by the mean of a library. The complete control of the client
 is made by the programmer. With libssh, you can remotely execute programs,
 transfer files, use a secure and transparent tunnel for your remote programs.
 With its SFTP implementation, you can play with remote files easily.
 .
 This package contains development files to build the gcrypt flavor.