Format: 1.8 Date: Tue, 10 Dec 2019 10:24:44 -0500 Source: libssh Binary: libssh-4 libssh-dev libssh-gcrypt-4 libssh-gcrypt-dev Architecture: i386 Version: 0.9.0-1ubuntu1.3 Distribution: eoan Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libssh-4 - tiny C SSH library (OpenSSL flavor) libssh-dev - tiny C SSH library - Development files (OpenSSL flavor) libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor) libssh-gcrypt-dev - tiny C SSH library - Development files (gcrypt flavor) Changes: libssh (0.9.0-1ubuntu1.3) eoan-security; urgency=medium . * SECURITY UPDATE: unsanitized location in scp could lead to unwanted command execution - debian/patches/CVE-2019-14889-1.patch: add tests for SCP client in tests/client/CMakeLists.txt, tests/client/torture_scp.c. - debian/patches/CVE-2019-14889-2.patch: reformat code in scp/scp.c. - debian/patches/CVE-2019-14889-3.patch: log SCP warnings received from the server in src/scp.c. - debian/patches/CVE-2019-14889-4.patch: add function to quote file names in include/libssh/misc.h, src/misc.c. - debian/patches/CVE-2019-14889-5.patch: add unit tests for ssh_quote_file_name() in tests/unittests/torture_misc.c. - debian/patches/CVE-2019-14889-6.patch: don't allow file path longer than 32kb in src/scp.c. - debian/patches/CVE-2019-14889-7.patch: quote location to be used on shell in src/scp.c. - CVE-2019-14889 Checksums-Sha1: 0b129b6b0ff8e689d9de97bb815922a7461ba301 577920 libssh-4-dbgsym_0.9.0-1ubuntu1.3_i386.ddeb c26fa1aeeafb6b6e21c670369c447c45d2c4b117 215040 libssh-4_0.9.0-1ubuntu1.3_i386.deb b10579d600144474ef284a58c1358e00825276cd 269084 libssh-dev_0.9.0-1ubuntu1.3_i386.deb 69b7c9b91155ed948b545375ef05983b4d1bcc24 580820 libssh-gcrypt-4-dbgsym_0.9.0-1ubuntu1.3_i386.ddeb 116540964ed65bcbe6bc29889210ff860a8ebdbf 217168 libssh-gcrypt-4_0.9.0-1ubuntu1.3_i386.deb 854283bde4e31eb21dae876e3686295d54921a47 269084 libssh-gcrypt-dev_0.9.0-1ubuntu1.3_i386.deb f7ebd6b397eb87c131e9370243aad5531ce09846 8626 libssh_0.9.0-1ubuntu1.3_i386.buildinfo Checksums-Sha256: 32f2298a02b7814b5b1fe9033f6a046ae378f771c3a31b97ec018e79d51cba6b 577920 libssh-4-dbgsym_0.9.0-1ubuntu1.3_i386.ddeb 20dc1e9d449912cb0d4b0a3861b87d491fbe4efad6b1dbe19fd922cb7b7c2005 215040 libssh-4_0.9.0-1ubuntu1.3_i386.deb 3638e62163388a6302947ec4463d125202a2b8521aea3918a7fec139216143fb 269084 libssh-dev_0.9.0-1ubuntu1.3_i386.deb 46f39e03d560faaf2127b9608af393f5180069e7f971d64dc083adf2d58e5592 580820 libssh-gcrypt-4-dbgsym_0.9.0-1ubuntu1.3_i386.ddeb e63b40f074f50f7fb584d67e574feb4000519957b64479c7292c9930f194741d 217168 libssh-gcrypt-4_0.9.0-1ubuntu1.3_i386.deb ff0c300e4907c0f5698297d4cb20daa81cc241eba35f5848f072a73ca92cc186 269084 libssh-gcrypt-dev_0.9.0-1ubuntu1.3_i386.deb 2d3f1550d54edaa785c466c946a8dfcf392f5ceb2ea8b4f444590e0b827b38bc 8626 libssh_0.9.0-1ubuntu1.3_i386.buildinfo Files: d6f240b5264ff4557081d85124db8d8c 577920 debug optional libssh-4-dbgsym_0.9.0-1ubuntu1.3_i386.ddeb 1074eb54f891ddd34c82b7a8314b7b03 215040 libs optional libssh-4_0.9.0-1ubuntu1.3_i386.deb dcee2b048a351b8fa3a3380ec7b3f22f 269084 libdevel optional libssh-dev_0.9.0-1ubuntu1.3_i386.deb c286bb9c34b26da44c57fa4b4701fff4 580820 debug optional libssh-gcrypt-4-dbgsym_0.9.0-1ubuntu1.3_i386.ddeb b2ab5d82356b2d231a4938375256cffd 217168 libs optional libssh-gcrypt-4_0.9.0-1ubuntu1.3_i386.deb 5b9d13799f917a8800e89de1a71880d5 269084 libdevel optional libssh-gcrypt-dev_0.9.0-1ubuntu1.3_i386.deb b3f4a921e16dbf4b7e8369ba7f87b702 8626 libs optional libssh_0.9.0-1ubuntu1.3_i386.buildinfo Original-Maintainer: Laurent Bigonville