Change logs for libssh source package in Bionic

  • libssh (0.8.0~20170825.94fa1e38-1ubuntu0.7) bionic-security; urgency=medium
    
      * SECURITY UPDATE: NULL pointer dereference
        - debian/patches/CVE-2020-16135-*.patch: fix a NULL dereference
          checking the return of ssh_buffer_new() and added other checks
          in src/sftpserver.c, src/buffer.c.
        - CVE-2020-16135
    
     -- <email address hidden> (Leonidas S. Barbosa)  Fri, 31 Jul 2020 15:46:18 -0300
  • libssh (0.8.0~20170825.94fa1e38-1ubuntu0.6) bionic-security; urgency=medium
    
      * SECURITY UPDATE: denial of service via AES-CTR ciphers
        - debian/patches/CVE-2020-1730.patch: fix a possible segfault when
          zeroing AES-CTR key in src/libcrypto.c.
        - CVE-2020-1730
    
     -- Marc Deslauriers <email address hidden>  Tue, 07 Apr 2020 13:16:14 -0400
  • libssh (0.8.0~20170825.94fa1e38-1ubuntu0.5) bionic-security; urgency=medium
    
      * SECURITY UPDATE: unsanitized location in scp could lead to unwanted
        command execution
        - debian/patches/CVE-2019-14889-1.patch: reformat code in scp/scp.c.
        - debian/patches/CVE-2019-14889-2.patch: log SCP warnings received from
          the server in src/scp.c.
        - debian/patches/CVE-2019-14889-3.patch: add function to quote file
          names in include/libssh/misc.h, src/misc.c.
        - debian/patches/CVE-2019-14889-4.patch: don't allow file path longer
          than 32kb in src/scp.c.
        - debian/patches/CVE-2019-14889-5.patch: quote location to be used on
          shell in src/scp.c.
        - CVE-2019-14889
    
     -- Marc Deslauriers <email address hidden>  Tue, 10 Dec 2019 10:30:36 -0500
  • libssh (0.8.0~20170825.94fa1e38-1ubuntu0.2) bionic-security; urgency=medium
    
      * SECURITY REGRESSION: fix multiple regressions (LP: #1805348)
        - debian/patches/CVE-2018-10933-regression.patch: set correct state
          after sending INFO_REQUEST in src/server.c.
        - debian/patches/CVE-2018-10933-regression2.patch: add missing break in
          src/packet.c.
        - debian/patches/CVE-2018-10933-regression3.patch: set correct state
          after sending GSSAPI_RESPONSE in src/gssapi.c.
    
     -- Marc Deslauriers <email address hidden>  Tue, 27 Nov 2018 10:01:15 -0500
  • libssh (0.8.0~20170825.94fa1e38-1ubuntu0.1) bionic-security; urgency=medium
    
      * SECURITY UPDATE: authentication bypass vulnerability
        - debian/patches/CVE-2018-10933-*.patch: add upstream patches to
          correct the issue.
        - CVE-2018-10933
    
     -- Marc Deslauriers <email address hidden>  Tue, 16 Oct 2018 14:26:47 -0400
  • libssh (0.8.0~20170825.94fa1e38-1build1) bionic; urgency=high
    
      * No change rebuild against openssl1.1.
    
     -- Dimitri John Ledkov <email address hidden>  Wed, 07 Feb 2018 11:35:23 +0000
  • libssh (0.8.0~20170825.94fa1e38-1) unstable; urgency=medium
    
      [ Laurent Bigonville ]
      * debian/watch: Verify the signature of the upstream tarball
      * debian/libssh-gcrypt-4.lintian-overrides: Adjust the overrides
    
      [ Matteo F. Vescovi ]
      * New upstream git snapshot (based on commit 94fa1e38) (Closes: #828413)
      * debian/patches/: patchset refreshed against snapshot release
      * debian/: symbols files refreshed for snapshot release
      * debian/control: bump OpenSSL b-dep to use 1.1 version
      * debian/copyright: entries updated
      * debian/copyright.in: drop useless file
      * debian/patches/: patchset updated
        - 2004-fix-upstream-version.patch added
    
     -- Laurent Bigonville <email address hidden>  Wed, 13 Sep 2017 14:36:14 +0200
  • libssh (0.7.5-1) unstable; urgency=medium
    
      * New upstream release.
      * debian/control: Bump Standards-Version to 4.0.0 (no further changes)
      * debian/libssh-gcrypt-4.lintian-overrides: Adjust library soname to the new
        release
    
     -- Laurent Bigonville <email address hidden>  Mon, 03 Jul 2017 15:29:04 +0200