Ubuntu
libssh package

libssh 0.9.0-1ubuntu1.3 source package in Ubuntu

Changelog

libssh (0.9.0-1ubuntu1.3) eoan-security; urgency=medium

  * SECURITY UPDATE: unsanitized location in scp could lead to unwanted
    command execution
    - debian/patches/CVE-2019-14889-1.patch: add tests for SCP client in
      tests/client/CMakeLists.txt, tests/client/torture_scp.c.
    - debian/patches/CVE-2019-14889-2.patch: reformat code in scp/scp.c.
    - debian/patches/CVE-2019-14889-3.patch: log SCP warnings received from
      the server in src/scp.c.
    - debian/patches/CVE-2019-14889-4.patch: add function to quote file
      names in include/libssh/misc.h, src/misc.c.
    - debian/patches/CVE-2019-14889-5.patch: add unit tests for
      ssh_quote_file_name() in tests/unittests/torture_misc.c.
    - debian/patches/CVE-2019-14889-6.patch: don't allow file path longer
      than 32kb in src/scp.c.
    - debian/patches/CVE-2019-14889-7.patch: quote location to be used on
      shell in src/scp.c.
    - CVE-2019-14889

 -- Marc Deslauriers <email address hidden>  Tue, 10 Dec 2019 10:24:44 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Eoan
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
libssh_0.9.0.orig.tar.xz 476.2 KiB 25303c2995e663cd169fdd902bae88106f48242d7e96311d74f812023482c7a5
libssh_0.9.0.orig.tar.xz.asc 833 bytes 376c3d17bd252290b911903cae6a0bacae7864194224d5bf6f3a0073baf7b83a
libssh_0.9.0-1ubuntu1.3.debian.tar.xz 36.9 KiB 0190581a542e68679606935a383161163c694cc5af1fbdb6f1a29edf6316e6b3
libssh_0.9.0-1ubuntu1.3.dsc 2.7 KiB c325283f9e4904fd6d909d0d28f371624f97fd09697656603003e64c1870dab1

View changes file

Binary packages built by this source

libssh-4: No summary available for libssh-4 in ubuntu eoan.

No description available for libssh-4 in ubuntu eoan.

libssh-4-dbgsym: No summary available for libssh-4-dbgsym in ubuntu eoan.

No description available for libssh-4-dbgsym in ubuntu eoan.

libssh-dev: No summary available for libssh-dev in ubuntu eoan.

No description available for libssh-dev in ubuntu eoan.

libssh-doc: No summary available for libssh-doc in ubuntu eoan.

No description available for libssh-doc in ubuntu eoan.

libssh-gcrypt-4: No summary available for libssh-gcrypt-4 in ubuntu eoan.

No description available for libssh-gcrypt-4 in ubuntu eoan.

libssh-gcrypt-4-dbgsym: No summary available for libssh-gcrypt-4-dbgsym in ubuntu eoan.

No description available for libssh-gcrypt-4-dbgsym in ubuntu eoan.

libssh-gcrypt-dev: No summary available for libssh-gcrypt-dev in ubuntu eoan.

No description available for libssh-gcrypt-dev in ubuntu eoan.