Back to libssh PTS page

Accepted libssh 0.10.6-0+deb12u1 (source) into proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted libssh 0.10.6-0+deb12u1 (source) into proposed-updates
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Fri, 29 Dec 2023 12:17:12 +0000
Debian: DAK
Debian-architecture: source
Debian-archive-action: accept
Debian-changes: libssh_0.10.6-0+deb12u1_source.changes
Debian-source: libssh
Debian-suite: proposed-updates
Debian-version: 0.10.6-0+deb12u1
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=a8vrSiR1j5qxo8zJHpqfF3UItk7s3t0AFuPN3rrYq/c=; b=CgaqTGrtGiSa4XbwC0RfYNfnN2 A8nFTit+2S7Ft6agRVOMC6e3VVg20xWi5re2m06w4mDt1jdJulW+AzruEUQXNQpwxPnNt8C+9SzLY jeq1+6A1XeNys3YVcO/+B0mJAgCXjLU/DqWfd1m8JTmzfglS7lYM74+YWU6VQluxo2XtyxD6KJcNz BZdZpPmrNpf4eV2iSOYyy0XMysdm1lSqp32IrQApSwEgSF9glEbbFqcl6E8zeA68P0pOCcIzGIP+l uNtOngrqDpRgY1oqOTcuc9kYwiX218qLvKeGXoFM/9qcJ1rQ37r9dU0U1Oa1fr9nsAaSAE/vkJb/V vVIfaNQw==;
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1rJBnc-004LSP-6E@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 25 Dec 2023 11:15:40 +0100
Source: libssh
Architecture: source
Version: 0.10.6-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Laurent Bigonville <bigon@debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Closes: 1059004 1059059 1059061
Changes:
 libssh (0.10.6-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream security release:
    - Fix Command injection using ProxyCommand
      (CVE-2023-6004, Closes: #1059061)
    - Fix missing checks for return values of MD functions
      (CVE-2023-6918, Closes: #1059059)
    - Fix potential downgrade attack using strict kex
      (CVE-2023-48795, Closes: #1059004)
   * Fix regression in IPv6 addresses in hostname parsing from CVE-2023-6004
     fix.  Patch and unit test backported from upstream stable-0.10 branch.
     See https://gitlab.com/libssh/libssh-mirror/-/issues/227
Checksums-Sha1:
 70f20d2f9061572b93e7b97267b542864f00c9e6 2774 libssh_0.10.6-0+deb12u1.dsc
 e8fb3b4750db11d2483cac4b5f046e301c09b72f 561036 libssh_0.10.6.orig.tar.xz
 ef01c0d5506ae2c6d3fbda6c89dca53079f422d6 833 libssh_0.10.6.orig.tar.xz.asc
 34d20bb79279a5a47714c2d1b016f9cdf73a671b 30372 libssh_0.10.6-0+deb12u1.debian.tar.xz
 c9294ff135ae9019acb5c4dcb1ae13af18e7782d 6276 libssh_0.10.6-0+deb12u1_source.buildinfo
Checksums-Sha256:
 82ba2e258448ae1b3287b4ee6f5b5fb02a74b87593635fb0308fadd89d214602 2774 libssh_0.10.6-0+deb12u1.dsc
 1861d498f5b6f1741b6abc73e608478491edcf9c9d4b6630eef6e74596de9dc1 561036 libssh_0.10.6.orig.tar.xz
 140420406d7796548b0beaf736e73864c32291787cf2bd3983fdbc41741494ae 833 libssh_0.10.6.orig.tar.xz.asc
 1631c4e6760611bb8ada21e2de47bd56f19615e828f0a39a42c0d7de56188f27 30372 libssh_0.10.6-0+deb12u1.debian.tar.xz
 564044c865c520dc72322e95103ea8e3ac4d7e2f02b3fc7964c92894f1178519 6276 libssh_0.10.6-0+deb12u1_source.buildinfo
Files:
 608e533bec6a02ec473671447238a8f2 2774 libs optional libssh_0.10.6-0+deb12u1.dsc
 5f46371aa8bfa7e6bff7f2a6f3edf80e 561036 libs optional libssh_0.10.6.orig.tar.xz
 75a12048601da804564cfa523bd77bcf 833 libs optional libssh_0.10.6.orig.tar.xz.asc
 56c3d6e6f4e2855879ddf3d102f9daa7 30372 libs optional libssh_0.10.6-0+deb12u1.debian.tar.xz
 b10accdfdd72225b5c9af1d5c50c3e67 6276 libs optional libssh_0.10.6-0+deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEbEuHi35jHxYFV8PN7nvd5LhrVxMFAmWKlRYACgkQ7nvd5Lhr
VxOl8w/+O+lbX3FslzXijZ/uTXMYDfm4a2p30fdP44xZ3xoKD+PXNmfHxvS/QpoQ
w3BS0FgtV97vSqEeU+YCbDKpqMEx4dp9nii3WDsFb8X4JlZtJ+pHqV1Qs9Gs/fTD
YgMJteMmMPEjPkCjQrrpkgO2PEHUDEv99y2IW2RSW5o/OdMqaCfAS4wAkENej9AK
w03I9R5uB/b3C8Zs6WWmpLN+zvNw58Lo+80A9afZrt9frCHu6yd9YNEyngzycWOF
EX4HtAL07D3yKSqO9Tu3sBS6tGxLpoUZqjdHp/psGBjot5kztS1uWejpreajJsXd
dcmOxlzP6FFhGizmn7dhdwHSaLEtCrzkFsWnadV0qqOY/h2sbEhMMK+iudINtl0V
062Ie25qWShItSEIYXQD+qnhLQe5BnjMhdM3oxoY448k881GLLJPztHMopxATbtj
yFa5RJzHtG54I5dStua1+A41qVoqpAPRiBoiiYx2nY8pik0f8NJVkJGa2uoU2bvC
NFgKx9mhvonddJzAPECdzE7wV5e2Na+Zih+C2tqwIlFreMLgNTZPNfS9oPusKkKS
vWx1TBZfSpm8DcahSnTKgcj/nLBdR01oXcURIjKfkGyggCjjj5mbSkzUKRR8T81n
kb9Jtw4ROqHuEhldUGfOHJliXtAMtriHWQPRrC9cvXP8GCbnPZ4=
=9o3B
-----END PGP SIGNATURE-----