-
libssh (0.6.3-4.3ubuntu0.6) xenial-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2020-16135-*.patch: fix a NULL dereference by
checking the return of ssh_buffer_new() and adding other checks
in src/sftpserver.c, src/buffer.c.
- CVE-2020-16135
-- <email address hidden> (Leonidas S. Barbosa) Fri, 31 Jul 2020 16:48:59 -0300
-
libssh (0.6.3-4.3ubuntu0.5) xenial-security; urgency=medium
* SECURITY UPDATE: unsanitized location in scp could lead to unwanted
command execution
- debian/patches/CVE-2019-14889-1.patch: reformat code in scp/scp.c.
- debian/patches/CVE-2019-14889-2.patch: log SCP warnings received from
the server in src/scp.c.
- debian/patches/CVE-2019-14889-3.patch: add function to quote file
names in include/libssh/misc.h, src/misc.c.
- debian/patches/CVE-2019-14889-4.patch: don't allow file path longer
than 32kb in src/scp.c.
- debian/patches/CVE-2019-14889-5.patch: quote location to be used on
shell in src/scp.c.
- CVE-2019-14889
-- Marc Deslauriers <email address hidden> Tue, 10 Dec 2019 10:32:29 -0500
-
libssh (0.6.3-4.3ubuntu0.2) xenial-security; urgency=medium
* SECURITY REGRESSION: fix multiple regressions (LP: #1805348)
- debian/patches/CVE-2018-10933-regression.patch: set correct state
after sending INFO_REQUEST in src/server.c.
- debian/patches/CVE-2018-10933-regression2.patch: add missing break in
src/packet.c.
- debian/patches/CVE-2018-10933-regression3.patch: set correct state
after sending GSSAPI_RESPONSE in src/gssapi.c.
-- Marc Deslauriers <email address hidden> Tue, 27 Nov 2018 10:04:57 -0500
-
libssh (0.6.3-4.3ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: authentication bypass vulnerability
- debian/patches/CVE-2018-10933-*.patch: add upstream patches to
correct the issue.
- CVE-2018-10933
-- Marc Deslauriers <email address hidden> Tue, 16 Oct 2018 15:05:17 -0400
-
libssh (0.6.3-4.3) unstable; urgency=medium
* Non-maintainer upload.
* CVE-2016-0739: Truncated Diffie-Hellman secret length (Closes: #815663)
-- Salvatore Bonaccorso <email address hidden> Tue, 23 Feb 2016 19:54:04 +0100
-
libssh (0.6.3-4.2ubuntu1) xenial; urgency=medium
* SECURITY UPDATE: weakness in diffie-hellman secret key generation
- debian/patches/CVE-2016-0739.patch: fix bits/bytes confusion bug in
src/dh.c.
- CVE-2016-0739
-- Marc Deslauriers <email address hidden> Tue, 23 Feb 2016 07:47:11 -0500
-
libssh (0.6.3-4.2) unstable; urgency=medium
* Non-maintainer upload.
* debian/patches: Add 0002_CVE-2015-3146.patch from 0.6.5 release upstream
(Closes: #784404)
-- Christopher Knadle <email address hidden> Mon, 16 Nov 2015 04:26:51 -0500
-
libssh (0.6.3-4.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix "ftbfs with GCC-5": add patch from Matthias Klose/Ubuntu:
add __extension__ to __FUNCTION__.
(Closes: #777975)
-- gregor herrmann <email address hidden> Sat, 18 Jul 2015 20:38:30 +0200
-
libssh (0.6.3-3ubuntu3) vivid; urgency=medium
* Fix build with GCC 5.
-- Matthias Klose <email address hidden> Thu, 05 Mar 2015 17:43:09 +0100