-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 21 May 2023 18:22:05 +0000 Source: libssh Architecture: source Version: 0.9.7-0+deb11u1 Distribution: bullseye-security Urgency: medium Maintainer: Laurent Bigonville <bigon@debian.org> Changed-By: Martin Pitt <mpitt@debian.org> Closes: 1035832 Changes: libssh (0.9.7-0+deb11u1) bullseye-security; urgency=medium . * New upstream security microrelease: - CVE-2023-1667: Authenticated remote DoS. Fix authenticated remote DoS through potential NULL dereference during rekeying with algorithm guessing https://www.libssh.org/security/advisories/CVE-2023-1667.txt - CVE-2023-2283: Client authentication bypass. Fix client authentication bypass in pki_verify_data_signature() in low-memory conditions with OpenSSL backend; gcrypt backend is not affected. https://www.libssh.org/security/advisories/CVE-2023-2283.txt (Closes: #1035832) * Drop 000* patches which were backported from the upstream stable 0.9 branch, now included in this release. Unfuzz 2004-install-static-lib.patch. Checksums-Sha1: 2c97a5c41a1329c528ebe7f5cbe05d21bd41cdb7 2476 libssh_0.9.7-0+deb11u1.dsc 078df560e5752977803a62f37aeef7c2b528eff6 504676 libssh_0.9.7.orig.tar.xz e28d1df76ce09b5a03e3c695b5c7d6dbe160cddc 27548 libssh_0.9.7-0+deb11u1.debian.tar.xz 86ba5798b9e657cb81da4696be6c8ced85a31e51 6153 libssh_0.9.7-0+deb11u1_source.buildinfo Checksums-Sha256: c9a4b6c6bce399c534b661525113fef7c9d92812f64e2f209125615419601180 2476 libssh_0.9.7-0+deb11u1.dsc 84ac279fff2b8ab1b9b2f883aa3f9313b42dda51c121fe537f0c16417aa1ec72 504676 libssh_0.9.7.orig.tar.xz 815e21f4ae3d675699c9d32883b0d2dfaf82c006df52515971279db9a5495bb7 27548 libssh_0.9.7-0+deb11u1.debian.tar.xz 3058e32f591abf4331d680a651c750f0420fb7b17be32385d47d77f60fa64282 6153 libssh_0.9.7-0+deb11u1_source.buildinfo Files: 091a585dce4aa542dee951c0aaa35c91 2476 libs optional libssh_0.9.7-0+deb11u1.dsc 8fcaba57438c382f0b29bd85d3c8c4ee 504676 libs optional libssh_0.9.7.orig.tar.xz 7e34b58e3412bc0697cee1a1183a1373 27548 libs optional libssh_0.9.7-0+deb11u1.debian.tar.xz f602759a869e0a78b34d83c2c5b86ad8 6153 libs optional libssh_0.9.7-0+deb11u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEbEuHi35jHxYFV8PN7nvd5LhrVxMFAmRqYW0ACgkQ7nvd5Lhr VxORwBAAjrJ/ZHlX/2SSNMdvzhfzu+e3nWLcfLiacIOiGvTt88Sp3J+/th7hf3b6 /Og0mki2rVkMhyKds7a7JQGnL5k8E7KDeatWNbCEfV/M5XSHPK1eg4YAJnl+eg1P aXKSlMJDv9WJy4Wn60i4PrornAvhw2eJ8pPpqaZiZBwKZjFAC7NLV1NRIas9/gJR 4BPk3JdiPVcSDL3YrHNFltxWzAwuQDxZDahF2F0b8MeYdqMebB7H7b8J5Pvz9b9m 19Ssa9GQohhb5GrFxhBapR+H3iHNAz1+tuJSObk/ecyffRWmeyL4EJQy3CQwezYx mdfTgbGLuAJQVFFV55AGbW8Sf26mjTEz/HUCV3Tp4AE/MwOZGlCsntcZ00A0JMWB ErgUpdLqF+RM70dE8mWirSNsYGzg0yHR7fW5/N16hIJs7Dcywd58Ao5HCT4sDvv+ ghgSlFbQrtpjvbe6vymKV2Pc79pxWnNWH7fyjQ9HuJa/uf02tSpUGAUTMUsXiftY Hn3fNeiNaCo1RMJ4Ik3q7Vr/N75BarQ2Ml5Q8zFAAznmo/wME5BugSYEzxOGMBFJ mVFmcz6Z/jQgBU2DRWTr7adtrhudjiAdiX1nko3fQtF1a0sZFXal/d6DKu2aevYy I3AHvYFAKFMDDZ+DcpAzJjbJ1uJ13z/9I1QwvItkLMGt7kap1xM= =zqsh -----END PGP SIGNATURE-----