Format: 1.8
Date: Thu, 07 Sep 2023 19:27:44 +0200
Source: libssh2
Architecture: source
Version: 1.8.0-2.1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Mikhail Gusarov <dottedmag@debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 932329 943562
Changes:
 libssh2 (1.8.0-2.1+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * Fix CVE-2019-13115: integer overflow that could lead to an out-of-bounds
     read in the way packets are read from the server (closes: #932329).
   * Fix CVE-2019-17498: the SSH_MSG_DISCONNECT logic in packet.c has an
     integer overflow in a bounds check, enabling an attacker to specify an
     arbitrary (out-of-bounds) offset for a subsequent memory read
     (closes: #943562).
   * Fix CVE-2020-22218: missing check in _libssh2_packet_add() allows
     attackers to access out of bounds memory.
Checksums-Sha1:
 049820060bf43895be2ce4d535d60cd1e227806d 1835 libssh2_1.8.0-2.1+deb10u1.dsc
 bdfc81960326fab200745fe807b7db5606073da4 846989 libssh2_1.8.0.orig.tar.gz
 ec4dc34f2006230a26b1527f02b786100f90b02c 17116 libssh2_1.8.0-2.1+deb10u1.debian.tar.xz
 e76cd659b3f9a7d0dd6fcb0b1aed75a1cb6c34d2 6315 libssh2_1.8.0-2.1+deb10u1_amd64.buildinfo
Checksums-Sha256:
 fc932f9c37345e11191b546c7a97e5c2fe27803d11c53718764e2f7047eeb29a 1835 libssh2_1.8.0-2.1+deb10u1.dsc
 4382d33de790b28f862e53ed59ffbd65f3def7a06e8b6e9ca1b6f70453b4d5e0 846989 libssh2_1.8.0.orig.tar.gz
 b8cec51fc65b728e844ea8b12b0c4a0088ae10f4cdf103b6f5d29b18a6c905f1 17116 libssh2_1.8.0-2.1+deb10u1.debian.tar.xz
 76f71cc1493fa1b9c0644fb84e3b97e440cd773dba89f197122d43ddd84d647a 6315 libssh2_1.8.0-2.1+deb10u1_amd64.buildinfo
Files:
 b43e6c8a9c327b058bdce533cf8e6dbd 1835 libs optional libssh2_1.8.0-2.1+deb10u1.dsc
 16bc171b18618007ae53ca1cb076ff9c 846989 libs optional libssh2_1.8.0.orig.tar.gz
 c40382740f87befe2e54b09e9a5dc0df 17116 libs optional libssh2_1.8.0-2.1+deb10u1.debian.tar.xz
 255e160f9fdb0ca4de83b7db5da0a111 6315 libs optional libssh2_1.8.0-2.1+deb10u1_amd64.buildinfo