-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2019 16:06:20 +0200 Source: libssh2 Architecture: source Version: 1.8.0-2.1 Distribution: unstable Urgency: high Maintainer: Mikhail Gusarov <dottedmag@debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 924965 Changes: libssh2 (1.8.0-2.1) unstable; urgency=high . * Non-maintainer upload. * Possible integer overflow in transport read allows out-of-bounds write (CVE-2019-3855) (Closes: #924965) * Possible integer overflow in keyboard interactive handling allows out-of-bounds write (CVE-2019-3856) (Closes: #924965) * Possible integer overflow leading to zero-byte allocation and out-of-bounds write (CVE-2019-3857) (Closes: #924965) * Possible zero-byte allocation leading to an out-of-bounds read (CVE-2019-3858) (Closes: #924965) * Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (CVE-2019-3859) (Closes: #924965) * Out-of-bounds reads with specially crafted SFTP packets (CVE-2019-3860) (Closes: #924965) * Out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861) (Closes: #924965) * Out-of-bounds memory comparison (CVE-2019-3862) (Closes: #924965) * Integer overflow in user authenicate keyboard interactive allows out-of-bounds writes (CVE-2019-3863) (Closes: #924965) * Fixed misapplied patch for user auth. * moved MAX size declarations Checksums-Sha1: ea52c0c9ea4070938837edf966b0556c94c20a13 1958 libssh2_1.8.0-2.1.dsc dd1c81a0565ec7a0db13379640b7f517736666dc 13988 libssh2_1.8.0-2.1.debian.tar.xz Checksums-Sha256: 33f070a4a32db5d3952457986d8f80c9cf874dd144d81f5bce062171564b35d9 1958 libssh2_1.8.0-2.1.dsc e3c34166cddaba7f2162132ef4f4bdc1490c499ee6610bde81f773adef43489e 13988 libssh2_1.8.0-2.1.debian.tar.xz Files: f61a7eb27d62cf3092298e96022b2db6 1958 libs optional libssh2_1.8.0-2.1.dsc 9431d1061db4430c603b9eab82c17130 13988 libs optional libssh2_1.8.0-2.1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlyjv0VfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89E4B0P/AwlLKeFxLswD8Q38KyM8VnMdBvSwpdS hPMqWto9UnC6g+yq661ItTXSH8DwaKOHpz0v5kbfO86Q5jsBoaIwG5LQQTFk3D0z x9X+9NZ0yxnPXI9imE5N6sXj4/Q/nlTzhW1bEelx367hLIRVzM0p7Y1/npsljBs9 MS12ad2oDfdME7nG55r9ONoY6m5Y6K41WGpXw4CBurP98iwxMAtWU9P7L9sHPUun jWHlwn+v8pei4DgB/OXvEFK+0kPX0+DLx70VJ+F2qxnED6+NI3L32tNKKVDrW9GT u3Sho3q18dsAB11bBgoNnYTZSVXl5YNhkQok/h63Ri31W+tJIddQ7rftnSoxBx3t lUps+PpR+0Cm1LiKZ2p6q2FY1EgX2jTcTtpbO+mQFibyrK9buNvFgYktYRpijMnI w1R+lmgDGrgLmgBNY9A+wIg3jS28CkgMHTyU6nEnwG0BUGK4Vj19Nm+GTYEz9geX TaTTZanAY/Ku1qBVL4U03ePctjsRBO3DcFS2AVGKeX+lhvw6aL1Kg6GH4WI0drbd vFi0VLqHRC8Lb3A1lDc0fGtld2tVngZQWwwnJaMXwXFzZFN29tITrfha9uRbBuIW bkR699eQJycq63oTuxpl0zHT9vgdPD3F2fsxg7wp2J2QO826xqEmErv6VfuS3dmH NEkmBwxU4OHE =tsOJ -----END PGP SIGNATURE-----
