Accepted libssh2 1.8.0-2.1+deb10u1 (source) into oldoldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted libssh2 1.8.0-2.1+deb10u1 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Fri, 08 Sep 2023 10:40:22 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: libssh2_1.8.0-2.1+deb10u1_source.changes
- Debian-source: libssh2
- Debian-suite: oldoldstable
- Debian-version: 1.8.0-2.1+deb10u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=UvNz56lA1qjsQKQKiBY8KTqStYfgDlqtjWliOp/Pfk0=; b=evq98+FQ69Ybr1qv2lj9ZiiFAc 1l8D3XuQa4gJr7B78Zkjr560tpBh2/NJRAf7jGdDHf885pgTd3gSYqO67hYqLcjgI3hP/8/tEywSH KTIdVFA007QAQRWg0RQh7uVMr57aVqlbo6vCRj42IR59r4WT+sV0t8mHCJ6vP7in25Avt1YSOqBdd BYI5y34BS8fw5kK5PyNh+OskNBV14S9UEO2PfrQb/uG94YSHH8GeLAHHlS9E1kpcOdRbKvOrBeLtb bkLnMiKFNc3qcU3nG+f0z4VgT9LL/I9o7TNwjki5LY7Y81Y/cf0/U9pS8ShfEi4iWZ4ejvn6VOpoQ EbzZnWXQ==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1qeYuU-0099v5-1c@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 07 Sep 2023 19:27:44 +0200
Source: libssh2
Architecture: source
Version: 1.8.0-2.1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Mikhail Gusarov <dottedmag@debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 932329 943562
Changes:
libssh2 (1.8.0-2.1+deb10u1) buster-security; urgency=high
.
* Non-maintainer upload by the LTS Security Team.
* Fix CVE-2019-13115: integer overflow that could lead to an out-of-bounds
read in the way packets are read from the server (closes: #932329).
* Fix CVE-2019-17498: the SSH_MSG_DISCONNECT logic in packet.c has an
integer overflow in a bounds check, enabling an attacker to specify an
arbitrary (out-of-bounds) offset for a subsequent memory read (closes:
#943562).
* Fix CVE-2020-22218: missing check in _libssh2_packet_add() allows
attackers to access out of bounds memory.
Checksums-Sha1:
049820060bf43895be2ce4d535d60cd1e227806d 1835 libssh2_1.8.0-2.1+deb10u1.dsc
bdfc81960326fab200745fe807b7db5606073da4 846989 libssh2_1.8.0.orig.tar.gz
ec4dc34f2006230a26b1527f02b786100f90b02c 17116 libssh2_1.8.0-2.1+deb10u1.debian.tar.xz
e76cd659b3f9a7d0dd6fcb0b1aed75a1cb6c34d2 6315 libssh2_1.8.0-2.1+deb10u1_amd64.buildinfo
Checksums-Sha256:
fc932f9c37345e11191b546c7a97e5c2fe27803d11c53718764e2f7047eeb29a 1835 libssh2_1.8.0-2.1+deb10u1.dsc
4382d33de790b28f862e53ed59ffbd65f3def7a06e8b6e9ca1b6f70453b4d5e0 846989 libssh2_1.8.0.orig.tar.gz
b8cec51fc65b728e844ea8b12b0c4a0088ae10f4cdf103b6f5d29b18a6c905f1 17116 libssh2_1.8.0-2.1+deb10u1.debian.tar.xz
76f71cc1493fa1b9c0644fb84e3b97e440cd773dba89f197122d43ddd84d647a 6315 libssh2_1.8.0-2.1+deb10u1_amd64.buildinfo
Files:
b43e6c8a9c327b058bdce533cf8e6dbd 1835 libs optional libssh2_1.8.0-2.1+deb10u1.dsc
16bc171b18618007ae53ca1cb076ff9c 846989 libs optional libssh2_1.8.0.orig.tar.gz
c40382740f87befe2e54b09e9a5dc0df 17116 libs optional libssh2_1.8.0-2.1+deb10u1.debian.tar.xz
255e160f9fdb0ca4de83b7db5da0a111 6315 libs optional libssh2_1.8.0-2.1+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmT6TtwACgkQ05pJnDwh
pVIwbw/+J0+Kzzq1bs4HBA4xBajE5Oqj8nFr0oQ6MqIzy9R5l+OmbvCYNyAHSVCx
5y2HNuB+2iUmKvjy2IFxHgUrFuNxr2JWJ+Qf7rI2OWN1Qe9hkqsvSsBq833HCLaB
T7ZL2vrPCdMrY6h+L7TLesRDy0JJ2/GuN3ZFSmn0dilTYN+KGuwOLvjrpFf9WZtl
/7MwcbpgLewF0ZIt8zm8bpTfPNvF+PYy015jVDDonuSgpOVTO22TMWLwkEjyYcIe
8rOAAavYkVxd/vFIHSiVloUEQEFoFqg2g86jwKX1Qdp6/NIO9GWi+JsvseaFihm+
WJsxvKaxlI/pgW2KlsTq1+/1un45H+xQRpx63KlhNwa5SpgDEZNqhX19/rTkyScd
FeXHO9WzTmaZ0LqFlBDRk9VwMw1dakbJDMFqgZs9McwRDgYab+I0/t6H9jRYk9uQ
Hsrxb0Xxd4HUzA+2RBik+QZzgsR4h/8JDSzlseLwPzuj+TCUkOSDvXMRvr+N/nwI
N7dpGmKdlTDfFn8X23oNpNEahk42SFbrAf3gmBvsImwO8t7M7Vqcro/LcExdrMjM
kwwaReiFoshI8IaBflwZn1AUMMhuK4w+aHj23QOEZFeY8h9RZ+3KsiP9tdQ4DOdM
WR9cECvGDIy34DKM2QP9MpV6zm7soDx5rnxNygcDXZmLEKHVxvc=
=WDdh
-----END PGP SIGNATURE-----