Format: 1.8
Date: Sun, 31 Mar 2019 16:06:20 +0200
Source: libssh2
Binary: libssh2-1 libssh2-1-dev
Architecture: i386
Version: 1.8.0-2.1
Distribution: disco-proposed
Urgency: high
Maintainer: Launchpad Build Daemon <buildd@lcy01-amd64-026.buildd>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 libssh2-1  - SSH2 client-side library
 libssh2-1-dev - SSH2 client-side library (development headers)
Closes: 924965
Changes:
 libssh2 (1.8.0-2.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Possible integer overflow in transport read allows out-of-bounds write
     (CVE-2019-3855) (Closes: #924965)
   * Possible integer overflow in keyboard interactive handling allows
     out-of-bounds write (CVE-2019-3856) (Closes: #924965)
   * Possible integer overflow leading to zero-byte allocation and
     out-of-bounds write (CVE-2019-3857) (Closes: #924965)
   * Possible zero-byte allocation leading to an out-of-bounds read
     (CVE-2019-3858) (Closes: #924965)
   * Out-of-bounds reads with specially crafted payloads due to unchecked use
     of _libssh2_packet_require and _libssh2_packet_requirev (CVE-2019-3859)
     (Closes: #924965)
   * Out-of-bounds reads with specially crafted SFTP packets (CVE-2019-3860)
     (Closes: #924965)
   * Out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)
     (Closes: #924965)
   * Out-of-bounds memory comparison (CVE-2019-3862) (Closes: #924965)
   * Integer overflow in user authenicate keyboard interactive allows
     out-of-bounds writes (CVE-2019-3863) (Closes: #924965)
   * Fixed misapplied patch for user auth.
   * moved MAX size declarations
Checksums-Sha1:
 ba8fe9eb940f3cd494a119c23a7662ea2a2ee001 222528 libssh2-1-dbgsym_1.8.0-2.1_i386.ddeb
 5b55e3755464241014f342fe3d8f96b93ce2a312 252604 libssh2-1-dev_1.8.0-2.1_i386.deb
 c9f4defbe7b6739f73af79e1eaf535c6bd633a4b 81688 libssh2-1_1.8.0-2.1_i386.deb
 38d21e468bb4665bac6c1fe3a78361752c60f03c 5320 libssh2_1.8.0-2.1_i386.buildinfo
Checksums-Sha256:
 72cb6c4da2435e2aaba27db2abe9fe52d43b2d2e20b9ec0f03350e0c535122c5 222528 libssh2-1-dbgsym_1.8.0-2.1_i386.ddeb
 71bef1be8d710e7dd43e701bd2ef06b759baa585ffb443afc9716dde00a66756 252604 libssh2-1-dev_1.8.0-2.1_i386.deb
 0374eadceb4b2aaf602fe6471b059630302129e22e0ff92dc8ab41abc53690bd 81688 libssh2-1_1.8.0-2.1_i386.deb
 fd4f01ce6ddd449bc4f21f192c856d2cfd1f7710b4f92852d8773efb2096debf 5320 libssh2_1.8.0-2.1_i386.buildinfo
Files:
 921cc05526dbd447d214fe993716cb4a 222528 debug optional libssh2-1-dbgsym_1.8.0-2.1_i386.ddeb
 ad2c78fc945dcbf85cc42fcfb842dcf1 252604 libdevel optional libssh2-1-dev_1.8.0-2.1_i386.deb
 a7735f7da028b9b70040c7cb91e38ea5 81688 libs optional libssh2-1_1.8.0-2.1_i386.deb
 7f9ad52612cb6fad12691890332dfa02 5320 libs optional libssh2_1.8.0-2.1_i386.buildinfo