Accepted libssh2 1.7.0-1+deb9u1 (source) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 04 Apr 2019 23:32:50 +0200
Source: libssh2
Architecture: source
Version: 1.7.0-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Mikhail Gusarov <dottedmag@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 924965
Changes:
 libssh2 (1.7.0-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Possible integer overflow in transport read allows out-of-bounds write
     (CVE-2019-3855) (Closes: #924965)
   * Possible integer overflow in keyboard interactive handling allows
     out-of-bounds write (CVE-2019-3856) (Closes: #924965)
   * Possible integer overflow leading to zero-byte allocation and
     out-of-bounds write (CVE-2019-3857) (Closes: #924965)
   * Possible zero-byte allocation leading to an out-of-bounds read
     (CVE-2019-3858) (Closes: #924965)
   * Out-of-bounds reads with specially crafted payloads due to unchecked use
     of _libssh2_packet_require and _libssh2_packet_requirev (CVE-2019-3859)
     (Closes: #924965)
   * Out-of-bounds reads with specially crafted SFTP packets (CVE-2019-3860)
     (Closes: #924965)
   * Out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)
     (Closes: #924965)
   * Out-of-bounds memory comparison (CVE-2019-3862) (Closes: #924965)
   * Integer overflow in user authenticate keyboard interactive allows
     out-of-bounds writes (CVE-2019-3863) (Closes: #924965)
   * Fixed misapplied patch for user auth.
   * moved MAX size declarations
Checksums-Sha1: 
 2d2cd964579e4da0e4400d1afc2d8ed090d4bd80 2046 libssh2_1.7.0-1+deb9u1.dsc
 02fef9bdafce3da466b36581a4ff53d519637aca 811714 libssh2_1.7.0.orig.tar.gz
 0a03504ad60b6d9b0a442af136c61581e39fdcbc 13008 libssh2_1.7.0-1+deb9u1.debian.tar.xz
Checksums-Sha256: 
 dc4db042d18ecd49012df85a8de5b8dd3b512300688b0e9f527a4c505fabe5f1 2046 libssh2_1.7.0-1+deb9u1.dsc
 e4561fd43a50539a8c2ceb37841691baf03ecb7daf043766da1b112e4280d584 811714 libssh2_1.7.0.orig.tar.gz
 e0291b5d7ff5a67abd318b923650569d2d4c112122a7b7b97cc3c563f10ae296 13008 libssh2_1.7.0-1+deb9u1.debian.tar.xz
Files: 
 225f26c2f549206bd1ea20fba48272f7 2046 libs optional libssh2_1.7.0-1+deb9u1.dsc
 b01662a210e94cccf2f76094db7dac5c 811714 libs optional libssh2_1.7.0.orig.tar.gz
 b7cb2434567f23fe89b298c810f8445d 13008 libs optional libssh2_1.7.0-1+deb9u1.debian.tar.xz
