Format: 1.8 Date: Tue, 10 Dec 2019 10:28:34 -0500 Source: libssh Binary: libssh-4 libssh-dev libssh-gcrypt-4 libssh-gcrypt-dev Architecture: arm64 Version: 0.8.6-3ubuntu0.3 Distribution: disco Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libssh-4 - tiny C SSH library (OpenSSL flavor) libssh-dev - tiny C SSH library - Development files (OpenSSL flavor) libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor) libssh-gcrypt-dev - tiny C SSH library - Development files (gcrypt flavor) Changes: libssh (0.8.6-3ubuntu0.3) disco-security; urgency=medium . * SECURITY UPDATE: unsanitized location in scp could lead to unwanted command execution - debian/patches/CVE-2019-14889-1.patch: reformat code in scp/scp.c. - debian/patches/CVE-2019-14889-2.patch: log SCP warnings received from the server in src/scp.c. - debian/patches/CVE-2019-14889-3.patch: add function to quote file names in include/libssh/misc.h, src/misc.c. - debian/patches/CVE-2019-14889-4.patch: don't allow file path longer than 32kb in src/scp.c. - debian/patches/CVE-2019-14889-5.patch: quote location to be used on shell in src/scp.c. - CVE-2019-14889 Checksums-Sha1: 44bb41779881c7ab720112abcd5364babb969c8f 572832 libssh-4-dbgsym_0.8.6-3ubuntu0.3_arm64.ddeb ae78a8bf68a020515f764dd0b778f8e8beeb27cc 174920 libssh-4_0.8.6-3ubuntu0.3_arm64.deb 4ac8d53bf59843067b8496e51418f8580fd96bb3 228708 libssh-dev_0.8.6-3ubuntu0.3_arm64.deb 733d7ff59c983d1d7f63f6b74867ab607b49d6f1 578556 libssh-gcrypt-4-dbgsym_0.8.6-3ubuntu0.3_arm64.ddeb 02e1602e94861e34b01f599ccb116ba67791bec4 177484 libssh-gcrypt-4_0.8.6-3ubuntu0.3_arm64.deb 4e3122f0ba4ce9f9a82215d575d2de5887f8ed01 228704 libssh-gcrypt-dev_0.8.6-3ubuntu0.3_arm64.deb 1224f3ef33e16937954ac04d2c3a9184462f1080 8749 libssh_0.8.6-3ubuntu0.3_arm64.buildinfo Checksums-Sha256: 4c26ae4a94fc251cb76cefc7f9faf84b24900a5efece8fec9b728ad44449cdfc 572832 libssh-4-dbgsym_0.8.6-3ubuntu0.3_arm64.ddeb 8aefe85203ff49cd3f6a54f66577ff235fe5966b54f324b80340d37f9f756c7a 174920 libssh-4_0.8.6-3ubuntu0.3_arm64.deb 3da50aa5886164426f6453fee512d7cf04ab77703c7d86673423237800302c85 228708 libssh-dev_0.8.6-3ubuntu0.3_arm64.deb dc32edf1b2d835f9b251a6837c15a633f0083710bf67e3d4a1b92f447523a7ec 578556 libssh-gcrypt-4-dbgsym_0.8.6-3ubuntu0.3_arm64.ddeb 776d54824b53dc5158fd095b3811b6e9a6dc02a832dffd1c7bb0ad37e2488c41 177484 libssh-gcrypt-4_0.8.6-3ubuntu0.3_arm64.deb 4b77a7ddfe28f23c85ebbe45893bbd0bd5b4a560958eea04d3ab431b6eb66599 228704 libssh-gcrypt-dev_0.8.6-3ubuntu0.3_arm64.deb a705385bf0d03343c0b89474c765dd0046d2cfe021cbe8bd3650f7b27d4e01a4 8749 libssh_0.8.6-3ubuntu0.3_arm64.buildinfo Files: 454091b4d57a2119e410e307402530cd 572832 debug optional libssh-4-dbgsym_0.8.6-3ubuntu0.3_arm64.ddeb d2913984d368993c76f99af363210f77 174920 libs optional libssh-4_0.8.6-3ubuntu0.3_arm64.deb 0930ab604bd586ba735da7e09b81fba5 228708 libdevel optional libssh-dev_0.8.6-3ubuntu0.3_arm64.deb 923522e62c3d1c6639fd491720bff414 578556 debug optional libssh-gcrypt-4-dbgsym_0.8.6-3ubuntu0.3_arm64.ddeb 0b695da13012386f604dad1d2f8d490c 177484 libs optional libssh-gcrypt-4_0.8.6-3ubuntu0.3_arm64.deb 03a4f43c150f81cc396470b3a9de931d 228704 libdevel optional libssh-gcrypt-dev_0.8.6-3ubuntu0.3_arm64.deb b7160bc95bd1e649d10fe407e7ac8a55 8749 libs optional libssh_0.8.6-3ubuntu0.3_arm64.buildinfo Original-Maintainer: Laurent Bigonville