Debian Package Tracker

From: Mike Gabriel <sunweaver@debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted libssh2 1.4.3-4.1+deb8u5 (source) into oldoldstable
Date: Tue, 30 Jul 2019 19:50:11 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 30 Jul 2019 15:38:25 +0200
Source: libssh2
Architecture: source
Version: 1.4.3-4.1+deb8u5
Distribution: jessie-security
Urgency: medium
Maintainer: Mikhail Gusarov <dottedmag@debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Changes:
 libssh2 (1.4.3-4.1+deb8u5) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2019-3860:
     - Drop functionally duplicate if-clause. Backporting artifact.
     - Add CVE-2019-3860-2, CVE-2019-3860-3 and CVE-2019-3860-4 patches:
       Backporting more boundary checks, fixing error result code
       (LIBSSH2_ERROR_BUFFER_TOO_SMALL instead of
       LIBSSH2_ERROR_OUT_OF_BOUNDARY).
Checksums-Sha1:
 672b0fd74006dd7276be5e6f74512f0a35a93e5b 1928 libssh2_1.4.3-4.1+deb8u5.dsc
 0cb27c2acef11af3bb8ec4f4a093fe11b8753a3b 21604 libssh2_1.4.3-4.1+deb8u5.debian.tar.xz
 a1728828ceb25821cffa4cdc9a08242fed75660b 6060 libssh2_1.4.3-4.1+deb8u5_source.buildinfo
Checksums-Sha256:
 868c726083fa684919aacf88a4384a0457ba6a931d2582db9f32c320b6c0a1ba 1928 libssh2_1.4.3-4.1+deb8u5.dsc
 8c0347bf417e8008792eaaf9eb2ce9e0c6bce88c97de0c47c04c8dea1176fa7a 21604 libssh2_1.4.3-4.1+deb8u5.debian.tar.xz
 012a0f89e9e973f82c1dc02dd071dada82d28868a1da5e22a9f5df8e51675de5 6060 libssh2_1.4.3-4.1+deb8u5_source.buildinfo
Files:
 4c112f5aee1d6da81160e8c63d237dda 1928 libs optional libssh2_1.4.3-4.1+deb8u5.dsc
 fbff80c239f62a31f2399b3ecb507688 21604 libs optional libssh2_1.4.3-4.1+deb8u5.debian.tar.xz
 4295838b6f4c9868420ce019c0415133 6060 libs optional libssh2_1.4.3-4.1+deb8u5_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl1AnCEVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsx0RYQAKicV90k9UvYjdCseEo1pDn4mAxm
+5LdUMEzjg6HwGrKAQ8Er7OO2gBKhHFXbixtrZXjuV86E9YACih8IMFtbO5Ada+E
w2XnSZFyuXlHoPm5Apb94MpkIC/Bk5WzWamgXnY5rFp6nw9FO7BIVPImf4cvdKgM
Flz5Uxnfp5r4nWJv5UNiyb0NQdX/oKd3YfaYON74MIV2xTlUxPH/aa7P6bZlhqxW
x3tG63jRS1X7Xq6bO6JpDWwESDaCv+n159SbhPTDlI1O8yPVxQ+zMdVDlr4fQGDu
FYGe/KrwcOth2SNQItUGY0b/XG634Lh5/Sb8VohcfheUzIxyuDOtWBb0Pfr42Aph
LFHe9+9pdJzz86fPcvKtnNyOVjoANHjK4KRQIwzC6i7cVaXCi1z7Xhmu0acWE0r9
7+EwMt05zi9R+nc2oWKRIHTv7p6audI9HLWH+WtXgNQ89VHxEhZHDkfwsRpAb846
KNy3oDOMkF1L3d8AwUj9bdopTnJY0wlWPRSGHKMKUnjtKOqpMHGypOVyh20MUWD8
oylwtrn/pGyTV7D1MBAjkF9l2abPP43m+kUga7+Zked9dJn4fO4VBU+kfSP+KDfx
e4f5mCWOdZ8QGTBQMNSoj2gmsGz7b4UWw1AGqiwvnvmzFL7uGx90A34eNW/OsVK0
egmVM1k9wghgynFU
=yiZG
-----END PGP SIGNATURE-----

News for package libssh2