Format: 1.8 Date: Mon, 18 Dec 2023 17:32:08 -0500 Source: libssh Binary: libssh-4 libssh-dev libssh-gcrypt-4 libssh-gcrypt-dev Architecture: i386 Version: 0.9.3-2ubuntu2.4 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libssh-4 - tiny C SSH library (OpenSSL flavor) libssh-dev - tiny C SSH library - Development files (OpenSSL flavor) libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor) libssh-gcrypt-dev - tiny C SSH library - Development files (gcrypt flavor) Changes: libssh (0.9.3-2ubuntu2.4) focal-security; urgency=medium . * SECURITY UPDATE: Prefix truncation attack on BPP - debian/patches/CVE-2023-48795-1.patch: add client side mitigation. - debian/patches/CVE-2023-48795-2.patch: add server side mitigations. - debian/patches/CVE-2023-48795-3.patch: strip extensions from both kex lists for matching. - debian/patches/CVE-2023-48795-4.patch: tests: adjust calculation to strict kex. - CVE-2023-48795 Checksums-Sha1: 9706aa2d625cf17a9fdc7d6257d055fcdda17c2e 392500 libssh-4-dbgsym_0.9.3-2ubuntu2.4_i386.ddeb a33c1f41c2c30972bab5140ba2c09555b2d6d25a 188720 libssh-4_0.9.3-2ubuntu2.4_i386.deb 3083f5907818f4fdb2d09ddda5795baa813da2b7 243044 libssh-dev_0.9.3-2ubuntu2.4_i386.deb 342ef9b1fc2210812acf1816eca9ac58cc0a1612 426120 libssh-gcrypt-4-dbgsym_0.9.3-2ubuntu2.4_i386.ddeb bf6da721c54a9dee5836a2582c8b51951188bccc 221416 libssh-gcrypt-4_0.9.3-2ubuntu2.4_i386.deb 75619a00241c671f39d606be9f5e50ecfe8e2447 278296 libssh-gcrypt-dev_0.9.3-2ubuntu2.4_i386.deb 940506029151b082cafef8dad6f411e7dd0366b3 9533 libssh_0.9.3-2ubuntu2.4_i386.buildinfo Checksums-Sha256: d33fce3f0238022aec843d36a3165fbc0f73d01d5c3c5475f4ec09ada29fba07 392500 libssh-4-dbgsym_0.9.3-2ubuntu2.4_i386.ddeb c3688df1dcb46adf2e351b5b7dde1bb777c754f06bd184fcfa25a1ac262a311a 188720 libssh-4_0.9.3-2ubuntu2.4_i386.deb 87e039eccfffc20d310facf348828ad915eb003765fd14290887bae5af68df60 243044 libssh-dev_0.9.3-2ubuntu2.4_i386.deb c30bfb4d755997b95bf5a2f43fa5db7b126d66f51eed1d5ecf2b94f327ba8878 426120 libssh-gcrypt-4-dbgsym_0.9.3-2ubuntu2.4_i386.ddeb 5dd73da9a1f801298e89329dc8d41290779e2e1e5d2f8979db029d16c2cf182c 221416 libssh-gcrypt-4_0.9.3-2ubuntu2.4_i386.deb 29338c02f7630130246c09811437f12c110639caef461110a465f5aef8b17943 278296 libssh-gcrypt-dev_0.9.3-2ubuntu2.4_i386.deb 3fd9d343f727aa716e56f8e4ff7c50249f48b69934a88e551afd4b09f51cf08e 9533 libssh_0.9.3-2ubuntu2.4_i386.buildinfo Files: 57dd732f3def22fae03634ed6fe1582e 392500 debug optional libssh-4-dbgsym_0.9.3-2ubuntu2.4_i386.ddeb df2bff0ad7bac31165317f28d5df5592 188720 libs optional libssh-4_0.9.3-2ubuntu2.4_i386.deb 257d0b5884b9ac0622d42513bdeb6c4d 243044 libdevel optional libssh-dev_0.9.3-2ubuntu2.4_i386.deb cf71c97be656f190354b1fe951041894 426120 debug optional libssh-gcrypt-4-dbgsym_0.9.3-2ubuntu2.4_i386.ddeb cd6b71eac6b768c022fab75222a2722b 221416 libs optional libssh-gcrypt-4_0.9.3-2ubuntu2.4_i386.deb b47bc236cde0d8f22ef5a3889d73b740 278296 libdevel optional libssh-gcrypt-dev_0.9.3-2ubuntu2.4_i386.deb 53497b4ce63b3a758c0de4c227f66f7d 9533 libs optional libssh_0.9.3-2ubuntu2.4_i386.buildinfo Original-Maintainer: Laurent Bigonville