Accepted libssh2 1.4.3-4.1+deb8u2 (source amd64) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 25 Mar 2019 15:10:21 +0100
Source: libssh2
Binary: libssh2-1 libssh2-1-dev libssh2-1-dbg
Architecture: source amd64
Version: 1.4.3-4.1+deb8u2
Distribution: jessie-security
Urgency: medium
Maintainer: Mikhail Gusarov <dottedmag@debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Description:
 libssh2-1  - SSH2 client-side library
 libssh2-1-dbg - SSH2 client-side library (debug package)
 libssh2-1-dev - SSH2 client-side library (development headers)
Closes: 924965
Changes:
 libssh2 (1.4.3-4.1+deb8u2) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team. (Closes: #924965).
   * CVE-2019-3855: Do packet length bounds check in _libssh2_transport_read()
     (src/transport.c).
   * CVE-2019-3856, CVE-2019-3863: Bounds checks in
     userauth_keyboard_interactive() (src/userauth.c).
   * CVE-2019-3857: Fix possible out zero byte/incorrect bounds allocation
     in _libssh2_packet_add() (src/packet.c).
   * CVE-2019-3858: Prevent zero-byte allocation in sftp_packet_read()
     which could lead to an out-of-bounds read.
   * CVE-2019-3859: Response length check in session_startup()
     (src/transport.c), and bounds checks in various functions
     (src/kex.c, src/channel.c).
   * CVE-2019-3860: Add a required_size parameter to sftp_packet_require
     et. al. to require callers of these functions to handle packets that
     are too short.
   * CVE-2019-3861: Sanitize padding_length - _libssh2_transport_read().
     This prevents an underflow resulting in a potential out-of-bounds read
     if a server sends a too-large padding_length, possibly with malicious
     intent.
   * CVE-2019-3862: Additional length checks to prevent out-of-bounds
     reads and writes in _libssh2_packet_add().
Checksums-Sha1:
 b1c4fcb56ba49ccf418e05acfc85d4d92fabe35f 1928 libssh2_1.4.3-4.1+deb8u2.dsc
 d1975057ffd8baaab4ad8fa663942cf32794e278 15352 libssh2_1.4.3-4.1+deb8u2.debian.tar.xz
 30f62d9308d91943f5cf3a75ab7b01b02b51db5b 127306 libssh2-1_1.4.3-4.1+deb8u2_amd64.deb
 a0615d5becf8eda87f8050304a100fa5d3e84401 291884 libssh2-1-dev_1.4.3-4.1+deb8u2_amd64.deb
 a9750274bdd78f1b9366e00e43980b80d5ea25ef 232346 libssh2-1-dbg_1.4.3-4.1+deb8u2_amd64.deb
Checksums-Sha256:
 95da6c89b7bddca29753eef98cea1456071f2a6bacdce63522eb63ce698137e1 1928 libssh2_1.4.3-4.1+deb8u2.dsc
 b297c276f699c86da6e9190b5ece186f6712833034b2b5f5439f014338b42c77 15352 libssh2_1.4.3-4.1+deb8u2.debian.tar.xz
 ae7732bc4c922ee4b973cf124dc4e25be0f7c2a31ee2f2e3895fd83457abc180 127306 libssh2-1_1.4.3-4.1+deb8u2_amd64.deb
 e4ac22336122a18a8f9d3164180e88f0d2ef15367ec8abb01d8b98a572c639cc 291884 libssh2-1-dev_1.4.3-4.1+deb8u2_amd64.deb
 1b0ad2969d8d0edd06fd34630840f6313eda3c5fbf0bfda61604f51b0412987f 232346 libssh2-1-dbg_1.4.3-4.1+deb8u2_amd64.deb
Files:
 61426bba6c2406fe6d88737a1bc22700 1928 libs optional libssh2_1.4.3-4.1+deb8u2.dsc
 d28cc909be104e1be6590ec33e976018 15352 libs optional libssh2_1.4.3-4.1+deb8u2.debian.tar.xz
 c1ffb41738accf8c497486fb89b60349 127306 libs optional libssh2-1_1.4.3-4.1+deb8u2_amd64.deb
 9053b1c38654779a37024bb7b01f693e 291884 libdevel optional libssh2-1-dev_1.4.3-4.1+deb8u2_amd64.deb
 08ba2d2b77d32955fd81fed6ef5a0739 232346 debug extra libssh2-1-dbg_1.4.3-4.1+deb8u2_amd64.deb

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----