Format: 1.8 Date: Tue, 10 Dec 2019 10:32:29 -0500 Source: libssh Binary: libssh-4 libssh-gcrypt-4 libssh-dev libssh-gcrypt-dev libssh-dbg libssh-doc Architecture: ppc64el Version: 0.6.3-4.3ubuntu0.5 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libssh-4 - tiny C SSH library (OpenSSL flavor) libssh-dbg - tiny C SSH library. Debug symbols libssh-dev - tiny C SSH library. Development files (OpenSSL flavor) libssh-doc - tiny C SSH library. Documentation files libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor) libssh-gcrypt-dev - tiny C SSH library. Development files (gcrypt flavor) Changes: libssh (0.6.3-4.3ubuntu0.5) xenial-security; urgency=medium . * SECURITY UPDATE: unsanitized location in scp could lead to unwanted command execution - debian/patches/CVE-2019-14889-1.patch: reformat code in scp/scp.c. - debian/patches/CVE-2019-14889-2.patch: log SCP warnings received from the server in src/scp.c. - debian/patches/CVE-2019-14889-3.patch: add function to quote file names in include/libssh/misc.h, src/misc.c. - debian/patches/CVE-2019-14889-4.patch: don't allow file path longer than 32kb in src/scp.c. - debian/patches/CVE-2019-14889-5.patch: quote location to be used on shell in src/scp.c. - CVE-2019-14889 Checksums-Sha1: fae0358e9d19978f75d31e8a8eb7ce7736ddf14f 1034 libssh-4-dbgsym_0.6.3-4.3ubuntu0.5_ppc64el.ddeb 53ec592a4a4b6ea62122596c7d3c4838d8867b8e 115972 libssh-4_0.6.3-4.3ubuntu0.5_ppc64el.deb 4c7045dc2f3d1192221efadac976ce3a38da6070 872930 libssh-dbg_0.6.3-4.3ubuntu0.5_ppc64el.deb 7d16a554cd6c5a0310c5212463f22df6df2094f6 1022 libssh-dev-dbgsym_0.6.3-4.3ubuntu0.5_ppc64el.ddeb aebd03998c55bfb06989fe1bd8c659f60e36d15b 148954 libssh-dev_0.6.3-4.3ubuntu0.5_ppc64el.deb e7b782b088136b3d9b94cadd71184603b89b152f 1028 libssh-gcrypt-4-dbgsym_0.6.3-4.3ubuntu0.5_ppc64el.ddeb 04cb614c0dcc4af02ed72251d0342d9853751597 117350 libssh-gcrypt-4_0.6.3-4.3ubuntu0.5_ppc64el.deb 901276464a4c0fab146da4da9b6c31cb9d1284ef 1022 libssh-gcrypt-dev-dbgsym_0.6.3-4.3ubuntu0.5_ppc64el.ddeb 9e6b73ad272f801831f2f5bf4ef31ef7ada2decc 150012 libssh-gcrypt-dev_0.6.3-4.3ubuntu0.5_ppc64el.deb Checksums-Sha256: e90d11e39f2a4ac5b77a07fc0b93900f00469aca80613134d6bfa2442be154f4 1034 libssh-4-dbgsym_0.6.3-4.3ubuntu0.5_ppc64el.ddeb 05a97deeb151af5bc1c23616d990d7a75e0a98c784877914ba9581cc03cfca15 115972 libssh-4_0.6.3-4.3ubuntu0.5_ppc64el.deb 4e1b6acc926ecc0af9a5c067f73235292d372c4f52d0b695b0290e0399870a64 872930 libssh-dbg_0.6.3-4.3ubuntu0.5_ppc64el.deb 474ba5b7dab820f435137992a9da3deda019f1816c312897257d5ce4cc683971 1022 libssh-dev-dbgsym_0.6.3-4.3ubuntu0.5_ppc64el.ddeb 18637a2f4580a428005478109ad42908fa1f49656d11d37ed007411d9dffbfe9 148954 libssh-dev_0.6.3-4.3ubuntu0.5_ppc64el.deb c0c08010c0f1b616776cdcbaa3e82123f5f2d0019df773719ea11bcff855bda1 1028 libssh-gcrypt-4-dbgsym_0.6.3-4.3ubuntu0.5_ppc64el.ddeb ba3a90c79bd13603dc2ea7f5b2cf336687a28a3e73981e7003514021c217ea30 117350 libssh-gcrypt-4_0.6.3-4.3ubuntu0.5_ppc64el.deb b4f3d9ddb022052132ee873b177cef14bf2233aa40daea67e3a6a642230400bc 1022 libssh-gcrypt-dev-dbgsym_0.6.3-4.3ubuntu0.5_ppc64el.ddeb 06b14a50d9b0a918d941464cc8e2a04939efd0776b2c51768923daba5fb10ee1 150012 libssh-gcrypt-dev_0.6.3-4.3ubuntu0.5_ppc64el.deb Files: 203b03b714b5dfb738855b57a1ad989b 1034 libs extra libssh-4-dbgsym_0.6.3-4.3ubuntu0.5_ppc64el.ddeb b36ccf0e0d9e42ef8a31a7904e293caa 115972 libs optional libssh-4_0.6.3-4.3ubuntu0.5_ppc64el.deb 5ebadde32c07b74b0011d4b0785e64f6 872930 debug extra libssh-dbg_0.6.3-4.3ubuntu0.5_ppc64el.deb 2abf8b0baddd89e17a8ba34581fed763 1022 libdevel extra libssh-dev-dbgsym_0.6.3-4.3ubuntu0.5_ppc64el.ddeb 5f0e950b1be48b170997115bdc64ae28 148954 libdevel optional libssh-dev_0.6.3-4.3ubuntu0.5_ppc64el.deb 994df02332203c61d737c6e69fde45b1 1028 libs extra libssh-gcrypt-4-dbgsym_0.6.3-4.3ubuntu0.5_ppc64el.ddeb 44d030ac03d8d973f4c7cae9bc902cd1 117350 libs optional libssh-gcrypt-4_0.6.3-4.3ubuntu0.5_ppc64el.deb dd8df7d76647a8937d52cfa3882fdd3a 1022 libdevel extra libssh-gcrypt-dev-dbgsym_0.6.3-4.3ubuntu0.5_ppc64el.ddeb 833030758841d10080e905f81f4df366 150012 libdevel optional libssh-gcrypt-dev_0.6.3-4.3ubuntu0.5_ppc64el.deb Original-Maintainer: Laurent Bigonville