Accepted libssh 0.9.8-0+deb11u1 (source) into oldstable-proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted libssh 0.9.8-0+deb11u1 (source) into oldstable-proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Fri, 29 Dec 2023 12:17:41 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: libssh_0.9.8-0+deb11u1_source.changes
- Debian-source: libssh
- Debian-suite: oldstable-proposed-updates
- Debian-version: 0.9.8-0+deb11u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=Gm7phO4jru/SFBV/nrHGVtxE16RIXWuELM/1RlAE0Sg=; b=NrEbAYXZsdjgc8kPl4GUvZHt+E lu1qR9DVVxJG+vAwBuFvZQj83/KmeIg8YM/pG3fJ/pPW7sXPwcJzaTx2hnGJSb652c28UYJ5VJnXW lwia0RaIBi0kt8OW+iAHme/Z/YRduWcC65PtYABgad5UVwf6ITRHF8xXpiCA0Q/LsIoS/gQXVDCe4 XPRcaD65F/8wF8iIqh+OnafTw2s+SjjB5FBuL1dlT2UR9CyyUY7f3j+SNRLpII+Wia1ykl6XXnifK oYCbSDa/aFrGAK0o1x+FE58zJAt13IMA2D0KEuVVH03g5efndko6NGPYuhcJ/mDHUmCYmH2Xw/AuO 69zMxrFQ==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1rJBo5-004LbO-6U@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 25 Dec 2023 11:40:33 +0100
Source: libssh
Architecture: source
Version: 0.9.8-0+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Laurent Bigonville <bigon@debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Closes: 1059004 1059059 1059061
Changes:
libssh (0.9.8-0+deb11u1) bullseye-security; urgency=medium
.
* New upstream security release:
- Fix Command injection using ProxyCommand
(CVE-2023-6004, Closes: #1059061)
- Fix missing checks for return values of MD functions
(CVE-2023-6918, Closes: #1059059)
- Fix potential downgrade attack using strict kex
(CVE-2023-48795, Closes: #1059004)
* Fix regression in IPv6 addresses in hostname parsing from CVE-2023-6004
fix. Patch and unit test backported from upstream stable-0.9 branch.
See https://gitlab.com/libssh/libssh-mirror/-/issues/227
Checksums-Sha1:
8c1263773fc5705aa982b5bb070547732c1cb1f9 2476 libssh_0.9.8-0+deb11u1.dsc
9c937ff6914c6873e8247526401d2303438b0724 508168 libssh_0.9.8.orig.tar.xz
dab8c51a237addfa7b69b555f5a46b2d00be5a9a 29908 libssh_0.9.8-0+deb11u1.debian.tar.xz
57c10cae6f772f6152106d5a4e390090c2747e24 6272 libssh_0.9.8-0+deb11u1_source.buildinfo
Checksums-Sha256:
e987b8ab8f35fc3a13b65138cedf4588071b3b70fe4d114d7e91a7c36392dcb8 2476 libssh_0.9.8-0+deb11u1.dsc
9f834b732341d428d67bbe835b7d10ae97ccf25d6f5bd0288fa51ae683f2e7cd 508168 libssh_0.9.8.orig.tar.xz
65638ae253e1e76bc3e1d310a55951d2893da2b9b1af068cb45dfee7e68938af 29908 libssh_0.9.8-0+deb11u1.debian.tar.xz
70364b37a3007d3f2141e2ccd1145f36b278c2d1aee6aa20e394f3217f25b533 6272 libssh_0.9.8-0+deb11u1_source.buildinfo
Files:
759d7036c3afc6288bcf57b4f90708ac 2476 libs optional libssh_0.9.8-0+deb11u1.dsc
3dc7a87cbf9d507eaa76319bfbce9c14 508168 libs optional libssh_0.9.8.orig.tar.xz
e8da8cc6222338cfa5190f3f45a3f19b 29908 libs optional libssh_0.9.8-0+deb11u1.debian.tar.xz
e09e347e8634040188340c2203a0e92a 6272 libs optional libssh_0.9.8-0+deb11u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEbEuHi35jHxYFV8PN7nvd5LhrVxMFAmWKlDsACgkQ7nvd5Lhr
VxNhKA//WvmSluRO2ztupIsU0PSg/Lb7j1q/KUGfTZQf3gGTbaC2kfCt6ohgrLTo
LouN+qlmvsRX4ZCyRPxnWvGKOhfiZfOdV/3voZmro1fxPb99RDkMPy219g1I2y5n
qcak5zM8fJ4eZ+v/p2JYYGOyGQqYezMeX5EKz+sBHjV8AIDgIdZ6KZlTguPMkJL9
daqa6AZo5f5P7HDcv6yQnh7OZN2KoReMVKkNyXRaqVZml+GPjdJVoXYc3/DR15p6
0ixqdlj2Gm/+zty75TaH78X3qX4EX8yNFf7hKdmGmhtgTEn9tJsNPg/W1TmSGojk
11sX6u5upVk3isOnFIDzYUTsAWRFVD9m7i1F7XoKJS84rbWTpU/F7/PFiZmltVqG
kq8FL1iKxTzxKdnkfNOHk3lHbf+JRv1CKiqIX0HHkk4gHDtb6ZpIny3zwO8jOpZB
TIuHXhjb5DM+1+5f088U5zvuStqh7Y8pNLGviC4jW/ezce2waV6lLnymiy9OJg/O
/RdvV/bdRxJ3ZE1289AT6zoNG9zNlI8mIt6KY+Hn26fXWqPYRPysWc7V2tz0dV8h
VzyoJucN1o0PeWtdpASoq8mCJmMgnQv1Uo4xzFWUtElLrFgyA9hTr1zqT4xtOnLQ
TIhLy5bPTjSUGKsv4TjYqouPRJnBLB9jhFxtTFfPySNS71E7X5k=
=iaUe
-----END PGP SIGNATURE-----