Format: 1.8 Date: Tue, 10 Dec 2019 10:24:44 -0500 Source: libssh Binary: libssh-4 libssh-dev libssh-gcrypt-4 libssh-gcrypt-dev Architecture: s390x Version: 0.9.0-1ubuntu1.3 Distribution: eoan Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libssh-4 - tiny C SSH library (OpenSSL flavor) libssh-dev - tiny C SSH library - Development files (OpenSSL flavor) libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor) libssh-gcrypt-dev - tiny C SSH library - Development files (gcrypt flavor) Changes: libssh (0.9.0-1ubuntu1.3) eoan-security; urgency=medium . * SECURITY UPDATE: unsanitized location in scp could lead to unwanted command execution - debian/patches/CVE-2019-14889-1.patch: add tests for SCP client in tests/client/CMakeLists.txt, tests/client/torture_scp.c. - debian/patches/CVE-2019-14889-2.patch: reformat code in scp/scp.c. - debian/patches/CVE-2019-14889-3.patch: log SCP warnings received from the server in src/scp.c. - debian/patches/CVE-2019-14889-4.patch: add function to quote file names in include/libssh/misc.h, src/misc.c. - debian/patches/CVE-2019-14889-5.patch: add unit tests for ssh_quote_file_name() in tests/unittests/torture_misc.c. - debian/patches/CVE-2019-14889-6.patch: don't allow file path longer than 32kb in src/scp.c. - debian/patches/CVE-2019-14889-7.patch: quote location to be used on shell in src/scp.c. - CVE-2019-14889 Checksums-Sha1: 4a01e5e7d6b35086092589d3a439350df4cb8087 674360 libssh-4-dbgsym_0.9.0-1ubuntu1.3_s390x.ddeb 0d4aad1c0d39cb1e544c8b9bf591f07135e62f1d 178528 libssh-4_0.9.0-1ubuntu1.3_s390x.deb f156c81217374b6eec510dffcd2f07498f415956 231128 libssh-dev_0.9.0-1ubuntu1.3_s390x.deb fd18c8e7f775f288fd974837682ca96967edb0ed 677944 libssh-gcrypt-4-dbgsym_0.9.0-1ubuntu1.3_s390x.ddeb aa074050f5d994c407dc5697b938317006b9da40 181928 libssh-gcrypt-4_0.9.0-1ubuntu1.3_s390x.deb a1ec99b01b80ceface830cb1d63280d9fdffc03c 231124 libssh-gcrypt-dev_0.9.0-1ubuntu1.3_s390x.deb 8601ee0e49e1aa70312882de9c4c5660b539353a 8613 libssh_0.9.0-1ubuntu1.3_s390x.buildinfo Checksums-Sha256: 73ff780d9031c249b6813f3d377d76ae4d4eb322dcbd089d1820d819510afb3e 674360 libssh-4-dbgsym_0.9.0-1ubuntu1.3_s390x.ddeb 9dbab83a645e4415f6a5192f370b8f27c3aa5ec13a6f05270fa86f757f5531f4 178528 libssh-4_0.9.0-1ubuntu1.3_s390x.deb 68086f9cabbd92f188f12e152624d8339a3721754efe6c2486c983e56ba6d1e0 231128 libssh-dev_0.9.0-1ubuntu1.3_s390x.deb 2eceedcbf63191f2439158a9b91d983c80bd11c6ed928af7ea19807e8c804114 677944 libssh-gcrypt-4-dbgsym_0.9.0-1ubuntu1.3_s390x.ddeb d592adb97afd614740243fe3870b40f99ceeebf897756a7fa2c2e70cf332a0a4 181928 libssh-gcrypt-4_0.9.0-1ubuntu1.3_s390x.deb e548be870ea57417eba3445d545d543c898648bb9b7aeec4d724c7a57839e93a 231124 libssh-gcrypt-dev_0.9.0-1ubuntu1.3_s390x.deb 3759a84e20e329d1366cb5d0e6542ed1bf6237ae76909cb843832b6e3b3d9875 8613 libssh_0.9.0-1ubuntu1.3_s390x.buildinfo Files: ed73412d012f220015dae501b372db14 674360 debug optional libssh-4-dbgsym_0.9.0-1ubuntu1.3_s390x.ddeb ecfd9497f6d4e42a2107d9aab7f8106f 178528 libs optional libssh-4_0.9.0-1ubuntu1.3_s390x.deb 8a5b962c82b01fccf7a584553976083f 231128 libdevel optional libssh-dev_0.9.0-1ubuntu1.3_s390x.deb 6e635fb4ebcfc472051809e626ce48dc 677944 debug optional libssh-gcrypt-4-dbgsym_0.9.0-1ubuntu1.3_s390x.ddeb 1059829ffcfc9b74267d8d262678d391 181928 libs optional libssh-gcrypt-4_0.9.0-1ubuntu1.3_s390x.deb 2faf3b6e161cf927bc9959649a9b5144 231124 libdevel optional libssh-gcrypt-dev_0.9.0-1ubuntu1.3_s390x.deb 571e12115f69f78f012f7232473b33ab 8613 libs optional libssh_0.9.0-1ubuntu1.3_s390x.buildinfo Original-Maintainer: Laurent Bigonville