Change logs for libssh2 source package in Eoan

  • libssh2 (1.8.0-2.1build1) eoan; urgency=medium
    
      * No-change upload with strops.h and sys/strops.h removed in glibc.
    
     -- Matthias Klose <email address hidden>  Thu, 05 Sep 2019 11:00:41 +0000
  • libssh2 (1.8.0-2.1) unstable; urgency=high
    
      * Non-maintainer upload.
      * Possible integer overflow in transport read allows out-of-bounds write
        (CVE-2019-3855) (Closes: #924965)
      * Possible integer overflow in keyboard interactive handling allows
        out-of-bounds write (CVE-2019-3856) (Closes: #924965)
      * Possible integer overflow leading to zero-byte allocation and
        out-of-bounds write (CVE-2019-3857) (Closes: #924965)
      * Possible zero-byte allocation leading to an out-of-bounds read
        (CVE-2019-3858) (Closes: #924965)
      * Out-of-bounds reads with specially crafted payloads due to unchecked use
        of _libssh2_packet_require and _libssh2_packet_requirev (CVE-2019-3859)
        (Closes: #924965)
      * Out-of-bounds reads with specially crafted SFTP packets (CVE-2019-3860)
        (Closes: #924965)
      * Out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)
        (Closes: #924965)
      * Out-of-bounds memory comparison (CVE-2019-3862) (Closes: #924965)
      * Integer overflow in user authenicate keyboard interactive allows
        out-of-bounds writes (CVE-2019-3863) (Closes: #924965)
      * Fixed misapplied patch for user auth.
      * moved MAX size declarations
    
     -- Salvatore Bonaccorso <email address hidden>  Sun, 31 Mar 2019 16:06:20 +0200