Change logs for libssh source package in Xenial

  • libssh (0.6.3-4.3ubuntu0.6) xenial-security; urgency=medium
    
      * SECURITY UPDATE: NULL pointer dereference
        - debian/patches/CVE-2020-16135-*.patch: fix a NULL dereference
          checking the return of ssh_buffer_new() and added other checks
          in src/sftpserver.c, src/buffer.c.
        - CVE-2020-16135
    
     -- <email address hidden> (Leonidas S. Barbosa)  Fri, 31 Jul 2020 16:48:59 -0300
  • libssh (0.6.3-4.3ubuntu0.5) xenial-security; urgency=medium
    
      * SECURITY UPDATE: unsanitized location in scp could lead to unwanted
        command execution
        - debian/patches/CVE-2019-14889-1.patch: reformat code in scp/scp.c.
        - debian/patches/CVE-2019-14889-2.patch: log SCP warnings received from
          the server in src/scp.c.
        - debian/patches/CVE-2019-14889-3.patch: add function to quote file
          names in include/libssh/misc.h, src/misc.c.
        - debian/patches/CVE-2019-14889-4.patch: don't allow file path longer
          than 32kb in src/scp.c.
        - debian/patches/CVE-2019-14889-5.patch: quote location to be used on
          shell in src/scp.c.
        - CVE-2019-14889
    
     -- Marc Deslauriers <email address hidden>  Tue, 10 Dec 2019 10:32:29 -0500
  • libssh (0.6.3-4.3ubuntu0.2) xenial-security; urgency=medium
    
      * SECURITY REGRESSION: fix multiple regressions (LP: #1805348)
        - debian/patches/CVE-2018-10933-regression.patch: set correct state
          after sending INFO_REQUEST in src/server.c.
        - debian/patches/CVE-2018-10933-regression2.patch: add missing break in
          src/packet.c.
        - debian/patches/CVE-2018-10933-regression3.patch: set correct state
          after sending GSSAPI_RESPONSE in src/gssapi.c.
    
     -- Marc Deslauriers <email address hidden>  Tue, 27 Nov 2018 10:04:57 -0500
  • libssh (0.6.3-4.3ubuntu0.1) xenial-security; urgency=medium
    
      * SECURITY UPDATE: authentication bypass vulnerability
        - debian/patches/CVE-2018-10933-*.patch: add upstream patches to
          correct the issue.
        - CVE-2018-10933
    
     -- Marc Deslauriers <email address hidden>  Tue, 16 Oct 2018 15:05:17 -0400
  • libssh (0.6.3-4.3) unstable; urgency=medium
    
      * Non-maintainer upload.
      * CVE-2016-0739: Truncated Diffie-Hellman secret length (Closes: #815663)
    
     -- Salvatore Bonaccorso <email address hidden>  Tue, 23 Feb 2016 19:54:04 +0100
  • libssh (0.6.3-4.2ubuntu1) xenial; urgency=medium
    
      * SECURITY UPDATE: weakness in diffie-hellman secret key generation
        - debian/patches/CVE-2016-0739.patch: fix bits/bytes confusion bug in
          src/dh.c.
        - CVE-2016-0739
    
     -- Marc Deslauriers <email address hidden>  Tue, 23 Feb 2016 07:47:11 -0500
  • libssh (0.6.3-4.2) unstable; urgency=medium
    
      * Non-maintainer upload.
      * debian/patches: Add 0002_CVE-2015-3146.patch from 0.6.5 release upstream
        (Closes: #784404)
    
     -- Christopher Knadle <email address hidden>  Mon, 16 Nov 2015 04:26:51 -0500
  • libssh (0.6.3-4.1) unstable; urgency=medium
    
      * Non-maintainer upload.
      * Fix "ftbfs with GCC-5": add patch from Matthias Klose/Ubuntu:
        add __extension__ to __FUNCTION__.
        (Closes: #777975)
    
     -- gregor herrmann <email address hidden>  Sat, 18 Jul 2015 20:38:30 +0200
  • libssh (0.6.3-3ubuntu3) vivid; urgency=medium
    
      * Fix build with GCC 5.
    
     -- Matthias Klose <email address hidden>  Thu, 05 Mar 2015 17:43:09 +0100