-
libssh (0.10.6-2build2) noble; urgency=medium
* No-change rebuild for CVE-2024-3094
-- Steve Langasek <email address hidden> Sun, 31 Mar 2024 02:17:37 +0000
-
libssh (0.10.6-2build1) noble; urgency=medium
* No-change rebuild against libssl3t64
-- Steve Langasek <email address hidden> Mon, 04 Mar 2024 18:28:26 +0000
-
libssh (0.10.6-2) unstable; urgency=medium
* Fix regression in IPv6 addresses in hostname parsing.
Patch and unit test backported from upstream stable-0.10 branch.
See https://gitlab.com/libssh/libssh-mirror/-/issues/227
-- Martin Pitt <email address hidden> Fri, 22 Dec 2023 16:29:47 +0100
-
libssh (0.10.5-3ubuntu2) noble; urgency=medium
* SECURITY UPDATE: Prefix truncation attack on BPP
- debian/patches/CVE-2023-48795-1.patch: add client side mitigation.
- debian/patches/CVE-2023-48795-2.patch: add server side mitigations.
- debian/patches/CVE-2023-48795-3.patch: strip extensions from both kex
lists for matching.
- debian/patches/CVE-2023-48795-4.patch: tests: adjust calculation to
strict kex.
- CVE-2023-48795
-- Marc Deslauriers <email address hidden> Mon, 18 Dec 2023 17:18:26 -0500
-
libssh (0.10.5-3ubuntu1) mantic; urgency=medium
* debian/patches/gitlab_events_fixes.patch:
- cherry pick an upstream candidate fix for a regression caught by
the autopkgtest setup
-- Sebastien Bacher <email address hidden> Mon, 28 Aug 2023 15:29:58 +0200