Format: 1.8 Date: Tue, 10 Dec 2019 10:32:29 -0500 Source: libssh Binary: libssh-4 libssh-gcrypt-4 libssh-dev libssh-gcrypt-dev libssh-dbg libssh-doc Architecture: arm64 Version: 0.6.3-4.3ubuntu0.5 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libssh-4 - tiny C SSH library (OpenSSL flavor) libssh-dbg - tiny C SSH library. Debug symbols libssh-dev - tiny C SSH library. Development files (OpenSSL flavor) libssh-doc - tiny C SSH library. Documentation files libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor) libssh-gcrypt-dev - tiny C SSH library. Development files (gcrypt flavor) Changes: libssh (0.6.3-4.3ubuntu0.5) xenial-security; urgency=medium . * SECURITY UPDATE: unsanitized location in scp could lead to unwanted command execution - debian/patches/CVE-2019-14889-1.patch: reformat code in scp/scp.c. - debian/patches/CVE-2019-14889-2.patch: log SCP warnings received from the server in src/scp.c. - debian/patches/CVE-2019-14889-3.patch: add function to quote file names in include/libssh/misc.h, src/misc.c. - debian/patches/CVE-2019-14889-4.patch: don't allow file path longer than 32kb in src/scp.c. - debian/patches/CVE-2019-14889-5.patch: quote location to be used on shell in src/scp.c. - CVE-2019-14889 Checksums-Sha1: 5df1628b5094e074468285f8f396604ed13cfc58 1030 libssh-4-dbgsym_0.6.3-4.3ubuntu0.5_arm64.ddeb e815304734a86685e094aae977cd1516a9c24ee3 96020 libssh-4_0.6.3-4.3ubuntu0.5_arm64.deb 55e60d6f811052ba58cd29db735f53ebb1c3c8f8 789012 libssh-dbg_0.6.3-4.3ubuntu0.5_arm64.deb 4f060062ddd6441a51a8f22a609034af3f7eb16e 1026 libssh-dev-dbgsym_0.6.3-4.3ubuntu0.5_arm64.ddeb 3f4e00ec60960ad9e3ff0faf218110bf90389100 133240 libssh-dev_0.6.3-4.3ubuntu0.5_arm64.deb b4ffdd8032dc6f94d4fa80f174f07799dc432d09 1030 libssh-gcrypt-4-dbgsym_0.6.3-4.3ubuntu0.5_arm64.ddeb f1a7418eebe26b6cef9fdd66a4c4f253b9fedb5f 95564 libssh-gcrypt-4_0.6.3-4.3ubuntu0.5_arm64.deb 7d63bc3ea89b8de440c63916c5fd8e8ce8b9d909 1024 libssh-gcrypt-dev-dbgsym_0.6.3-4.3ubuntu0.5_arm64.ddeb 7c8b84f7459d55baa2165dbcc837729e7b33dfbf 132804 libssh-gcrypt-dev_0.6.3-4.3ubuntu0.5_arm64.deb Checksums-Sha256: a5383d2c5d2a5f6206f60d3e6a3f232a27d4aef7bb2c6e158f892bf422dc11f9 1030 libssh-4-dbgsym_0.6.3-4.3ubuntu0.5_arm64.ddeb 4d27b0592682f39ad0b4159aca10974de22685ad1824fb1eeace5055d8ea97d6 96020 libssh-4_0.6.3-4.3ubuntu0.5_arm64.deb 83f45fa47c028156fac26ce199ae7d5998b4400b98b007a6d67e168ce38096f9 789012 libssh-dbg_0.6.3-4.3ubuntu0.5_arm64.deb 195f6a999cc3a0cffd3cac9fc891c43566055aa2920c6b62bb034458767a2840 1026 libssh-dev-dbgsym_0.6.3-4.3ubuntu0.5_arm64.ddeb fe00c742dc3f0972ba93db325bb717a461b8cec2cb96fafb2eeab2a1f5160133 133240 libssh-dev_0.6.3-4.3ubuntu0.5_arm64.deb 436a6d3d58fb42db2299e385021ebbff071dcb3a2a89caee3403ea49545218ea 1030 libssh-gcrypt-4-dbgsym_0.6.3-4.3ubuntu0.5_arm64.ddeb 74c57e539ef5322790fa8235aa90018fd02e470397eb932371db714660f4647c 95564 libssh-gcrypt-4_0.6.3-4.3ubuntu0.5_arm64.deb a471bd7b12d49eedd163237c289e608d727d085d7f2f9e7d4af48ee5866497ec 1024 libssh-gcrypt-dev-dbgsym_0.6.3-4.3ubuntu0.5_arm64.ddeb facd49a9412e100b1f127e04aadc8be5d6bfaef445c6936889acc1e4080ea3b5 132804 libssh-gcrypt-dev_0.6.3-4.3ubuntu0.5_arm64.deb Files: 1746582c48fe516df1f0cfa64f4a35fe 1030 libs extra libssh-4-dbgsym_0.6.3-4.3ubuntu0.5_arm64.ddeb ae1af0b27c9dfe3e472483a708043f65 96020 libs optional libssh-4_0.6.3-4.3ubuntu0.5_arm64.deb f4937e7345fd08157da59326a2c61d32 789012 debug extra libssh-dbg_0.6.3-4.3ubuntu0.5_arm64.deb d6212b6fc72f614c72a0c5f58f790344 1026 libdevel extra libssh-dev-dbgsym_0.6.3-4.3ubuntu0.5_arm64.ddeb e8e8459d5b7eec972972293b5621ce35 133240 libdevel optional libssh-dev_0.6.3-4.3ubuntu0.5_arm64.deb 11f1138add493132ac1301dd4aa35845 1030 libs extra libssh-gcrypt-4-dbgsym_0.6.3-4.3ubuntu0.5_arm64.ddeb 262a1b3eed3f5fbf34058a585ce140e1 95564 libs optional libssh-gcrypt-4_0.6.3-4.3ubuntu0.5_arm64.deb 5e13014e05d8c396c89d6a361a4ac2d6 1024 libdevel extra libssh-gcrypt-dev-dbgsym_0.6.3-4.3ubuntu0.5_arm64.ddeb 2dfc3fc9e58717fbf6e0e506ba061951 132804 libdevel optional libssh-gcrypt-dev_0.6.3-4.3ubuntu0.5_arm64.deb Original-Maintainer: Laurent Bigonville