Format: 1.8 Date: Tue, 10 Dec 2019 10:32:29 -0500 Source: libssh Binary: libssh-4 libssh-gcrypt-4 libssh-dev libssh-gcrypt-dev libssh-dbg libssh-doc Architecture: armhf Version: 0.6.3-4.3ubuntu0.5 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libssh-4 - tiny C SSH library (OpenSSL flavor) libssh-dbg - tiny C SSH library. Debug symbols libssh-dev - tiny C SSH library. Development files (OpenSSL flavor) libssh-doc - tiny C SSH library. Documentation files libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor) libssh-gcrypt-dev - tiny C SSH library. Development files (gcrypt flavor) Changes: libssh (0.6.3-4.3ubuntu0.5) xenial-security; urgency=medium . * SECURITY UPDATE: unsanitized location in scp could lead to unwanted command execution - debian/patches/CVE-2019-14889-1.patch: reformat code in scp/scp.c. - debian/patches/CVE-2019-14889-2.patch: log SCP warnings received from the server in src/scp.c. - debian/patches/CVE-2019-14889-3.patch: add function to quote file names in include/libssh/misc.h, src/misc.c. - debian/patches/CVE-2019-14889-4.patch: don't allow file path longer than 32kb in src/scp.c. - debian/patches/CVE-2019-14889-5.patch: quote location to be used on shell in src/scp.c. - CVE-2019-14889 Checksums-Sha1: a916b20814102015ad89ca1e0c6bc3725e7a9e15 1030 libssh-4-dbgsym_0.6.3-4.3ubuntu0.5_armhf.ddeb aa34627a954ce3af6674132af75ad4a85e47b788 98528 libssh-4_0.6.3-4.3ubuntu0.5_armhf.deb d85552156ded0591d375d4332add38661514311b 749918 libssh-dbg_0.6.3-4.3ubuntu0.5_armhf.deb e37027736424e0916c649610f15a245ebfc56914 1022 libssh-dev-dbgsym_0.6.3-4.3ubuntu0.5_armhf.ddeb 32a67caf75be5d0deef7103e3728754edb261119 133648 libssh-dev_0.6.3-4.3ubuntu0.5_armhf.deb 425cfdc70332fcdf507c2d347e21c7b2aee0035e 1030 libssh-gcrypt-4-dbgsym_0.6.3-4.3ubuntu0.5_armhf.ddeb 0611829384d282bd2d8ab2d92ae42ae106dd56ec 98006 libssh-gcrypt-4_0.6.3-4.3ubuntu0.5_armhf.deb 6b54adb5743f6305a13ac9ec9da273fc3cc6361b 1024 libssh-gcrypt-dev-dbgsym_0.6.3-4.3ubuntu0.5_armhf.ddeb 7d2e5267678d11203337b9c41aff80ce2f72d2ed 133120 libssh-gcrypt-dev_0.6.3-4.3ubuntu0.5_armhf.deb Checksums-Sha256: 0c669c5d9c25b7eeffe2e22933f0fb91a7b14b1f69dbb0467e15fb834f6a0594 1030 libssh-4-dbgsym_0.6.3-4.3ubuntu0.5_armhf.ddeb 66831601a06801f28435e6c9ecf502b4359f73474f804078634a5332a7aa1e03 98528 libssh-4_0.6.3-4.3ubuntu0.5_armhf.deb 1deed60c0333abdb572fae9b79417e3d6e62662ee22f231ef7c1b4e5297c33fa 749918 libssh-dbg_0.6.3-4.3ubuntu0.5_armhf.deb 1a423eda953d83034f94adfbad38df10a7210be110b21c1bd05e776201c5aa96 1022 libssh-dev-dbgsym_0.6.3-4.3ubuntu0.5_armhf.ddeb 8f481f9cfa537cc5f531229ab5c61603aa532106bf0dd7e49f97b865b05d67f8 133648 libssh-dev_0.6.3-4.3ubuntu0.5_armhf.deb 4edc365635e644545bac6263534a1b196067457145bb0d6c1a4aef7ecb5adca6 1030 libssh-gcrypt-4-dbgsym_0.6.3-4.3ubuntu0.5_armhf.ddeb 44887a355f2ad9e52a824829c2f1d9291e92be1233232962e018e9c3afd9c9e1 98006 libssh-gcrypt-4_0.6.3-4.3ubuntu0.5_armhf.deb 019993b81dc8350457b78817c97d9b24004fb12c5e4bd3d5141b07a87f231da5 1024 libssh-gcrypt-dev-dbgsym_0.6.3-4.3ubuntu0.5_armhf.ddeb 0e9582544ff9b84229ec1cc84bad313cbbe4843087de2456f3e82023ccb9f4f4 133120 libssh-gcrypt-dev_0.6.3-4.3ubuntu0.5_armhf.deb Files: d431760e2695dc4a7dcf98f16ceb1d56 1030 libs extra libssh-4-dbgsym_0.6.3-4.3ubuntu0.5_armhf.ddeb 4d119c0c7dbbffa070e854c24c3ef743 98528 libs optional libssh-4_0.6.3-4.3ubuntu0.5_armhf.deb 338584f4dca5e13c71bf89a6563c1e44 749918 debug extra libssh-dbg_0.6.3-4.3ubuntu0.5_armhf.deb e20dcdf8d64dce3ad019434065a22b75 1022 libdevel extra libssh-dev-dbgsym_0.6.3-4.3ubuntu0.5_armhf.ddeb e9b8d7a4aa28b017ebd7f8f0fb89b7b6 133648 libdevel optional libssh-dev_0.6.3-4.3ubuntu0.5_armhf.deb 8663a65ed9ff8c710b7ce1c11332c0a9 1030 libs extra libssh-gcrypt-4-dbgsym_0.6.3-4.3ubuntu0.5_armhf.ddeb a757077150985e01f659aba588413d5f 98006 libs optional libssh-gcrypt-4_0.6.3-4.3ubuntu0.5_armhf.deb fedfa03898f605a1ba8d01b053babeab 1024 libdevel extra libssh-gcrypt-dev-dbgsym_0.6.3-4.3ubuntu0.5_armhf.ddeb 4b835b4b3b97789400c8f4ce73d38e50 133120 libdevel optional libssh-gcrypt-dev_0.6.3-4.3ubuntu0.5_armhf.deb Original-Maintainer: Laurent Bigonville