Format: 1.8
Date: Thu, 04 Apr 2019 23:32:50 +0200
Source: libssh2
Architecture: source
Version: 1.7.0-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Mikhail Gusarov <dottedmag@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 924965
Changes:
 libssh2 (1.7.0-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Possible integer overflow in transport read allows out-of-bounds write
     (CVE-2019-3855) (Closes: #924965)
   * Possible integer overflow in keyboard interactive handling allows
     out-of-bounds write (CVE-2019-3856) (Closes: #924965)
   * Possible integer overflow leading to zero-byte allocation and
     out-of-bounds write (CVE-2019-3857) (Closes: #924965)
   * Possible zero-byte allocation leading to an out-of-bounds read
     (CVE-2019-3858) (Closes: #924965)
   * Out-of-bounds reads with specially crafted payloads due to unchecked use
     of _libssh2_packet_require and _libssh2_packet_requirev (CVE-2019-3859)
     (Closes: #924965)
   * Out-of-bounds reads with specially crafted SFTP packets (CVE-2019-3860)
     (Closes: #924965)
   * Out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)
     (Closes: #924965)
   * Out-of-bounds memory comparison (CVE-2019-3862) (Closes: #924965)
   * Integer overflow in user authenticate keyboard interactive allows
     out-of-bounds writes (CVE-2019-3863) (Closes: #924965)
   * Fixed misapplied patch for user auth.
   * moved MAX size declarations