Accepted libssh2 1.8.0-2.1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 31 Mar 2019 16:06:20 +0200
Source: libssh2
Architecture: source
Version: 1.8.0-2.1
Distribution: unstable
Urgency: high
Maintainer: Mikhail Gusarov <dottedmag@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 924965
Changes:
libssh2 (1.8.0-2.1) unstable; urgency=high
.
* Non-maintainer upload.
* Possible integer overflow in transport read allows out-of-bounds write
(CVE-2019-3855) (Closes: #924965)
* Possible integer overflow in keyboard interactive handling allows
out-of-bounds write (CVE-2019-3856) (Closes: #924965)
* Possible integer overflow leading to zero-byte allocation and
out-of-bounds write (CVE-2019-3857) (Closes: #924965)
* Possible zero-byte allocation leading to an out-of-bounds read
(CVE-2019-3858) (Closes: #924965)
* Out-of-bounds reads with specially crafted payloads due to unchecked use
of _libssh2_packet_require and _libssh2_packet_requirev (CVE-2019-3859)
(Closes: #924965)
* Out-of-bounds reads with specially crafted SFTP packets (CVE-2019-3860)
(Closes: #924965)
* Out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)
(Closes: #924965)
* Out-of-bounds memory comparison (CVE-2019-3862) (Closes: #924965)
* Integer overflow in user authenicate keyboard interactive allows
out-of-bounds writes (CVE-2019-3863) (Closes: #924965)
* Fixed misapplied patch for user auth.
* moved MAX size declarations
Checksums-Sha1:
ea52c0c9ea4070938837edf966b0556c94c20a13 1958 libssh2_1.8.0-2.1.dsc
dd1c81a0565ec7a0db13379640b7f517736666dc 13988 libssh2_1.8.0-2.1.debian.tar.xz
Checksums-Sha256:
33f070a4a32db5d3952457986d8f80c9cf874dd144d81f5bce062171564b35d9 1958 libssh2_1.8.0-2.1.dsc
e3c34166cddaba7f2162132ef4f4bdc1490c499ee6610bde81f773adef43489e 13988 libssh2_1.8.0-2.1.debian.tar.xz
Files:
f61a7eb27d62cf3092298e96022b2db6 1958 libs optional libssh2_1.8.0-2.1.dsc
9431d1061db4430c603b9eab82c17130 13988 libs optional libssh2_1.8.0-2.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlyjv0VfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E4B0P/AwlLKeFxLswD8Q38KyM8VnMdBvSwpdS
hPMqWto9UnC6g+yq661ItTXSH8DwaKOHpz0v5kbfO86Q5jsBoaIwG5LQQTFk3D0z
x9X+9NZ0yxnPXI9imE5N6sXj4/Q/nlTzhW1bEelx367hLIRVzM0p7Y1/npsljBs9
MS12ad2oDfdME7nG55r9ONoY6m5Y6K41WGpXw4CBurP98iwxMAtWU9P7L9sHPUun
jWHlwn+v8pei4DgB/OXvEFK+0kPX0+DLx70VJ+F2qxnED6+NI3L32tNKKVDrW9GT
u3Sho3q18dsAB11bBgoNnYTZSVXl5YNhkQok/h63Ri31W+tJIddQ7rftnSoxBx3t
lUps+PpR+0Cm1LiKZ2p6q2FY1EgX2jTcTtpbO+mQFibyrK9buNvFgYktYRpijMnI
w1R+lmgDGrgLmgBNY9A+wIg3jS28CkgMHTyU6nEnwG0BUGK4Vj19Nm+GTYEz9geX
TaTTZanAY/Ku1qBVL4U03ePctjsRBO3DcFS2AVGKeX+lhvw6aL1Kg6GH4WI0drbd
vFi0VLqHRC8Lb3A1lDc0fGtld2tVngZQWwwnJaMXwXFzZFN29tITrfha9uRbBuIW
bkR699eQJycq63oTuxpl0zHT9vgdPD3F2fsxg7wp2J2QO826xqEmErv6VfuS3dmH
NEkmBwxU4OHE
=tsOJ
-----END PGP SIGNATURE-----