Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To:
Subject: Accepted libssh 0.9.8-0+deb11u1 (source) into oldstable-security
Date: Thu, 28 Dec 2023 14:24:27 +0000
Signed by: Martin Pitt <mpitt@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 25 Dec 2023 11:40:33 +0100
Source: libssh
Architecture: source
Version: 0.9.8-0+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Laurent Bigonville <bigon@debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Closes: 1059004 1059059 1059061
Changes:
 libssh (0.9.8-0+deb11u1) bullseye-security; urgency=medium
 .
   * New upstream security release:
     - Fix Command injection using ProxyCommand
       (CVE-2023-6004, Closes: #1059061)
     - Fix missing checks for return values of MD functions
       (CVE-2023-6918, Closes: #1059059)
     - Fix potential downgrade attack using strict kex
       (CVE-2023-48795, Closes: #1059004)
   * Fix regression in IPv6 addresses in hostname parsing from CVE-2023-6004
     fix. Patch and unit test backported from upstream stable-0.9 branch.
     See https://gitlab.com/libssh/libssh-mirror/-/issues/227
Checksums-Sha1:
 8c1263773fc5705aa982b5bb070547732c1cb1f9 2476 libssh_0.9.8-0+deb11u1.dsc
 9c937ff6914c6873e8247526401d2303438b0724 508168 libssh_0.9.8.orig.tar.xz
 dab8c51a237addfa7b69b555f5a46b2d00be5a9a 29908 libssh_0.9.8-0+deb11u1.debian.tar.xz
 57c10cae6f772f6152106d5a4e390090c2747e24 6272 libssh_0.9.8-0+deb11u1_source.buildinfo
Checksums-Sha256:
 e987b8ab8f35fc3a13b65138cedf4588071b3b70fe4d114d7e91a7c36392dcb8 2476 libssh_0.9.8-0+deb11u1.dsc
 9f834b732341d428d67bbe835b7d10ae97ccf25d6f5bd0288fa51ae683f2e7cd 508168 libssh_0.9.8.orig.tar.xz
 65638ae253e1e76bc3e1d310a55951d2893da2b9b1af068cb45dfee7e68938af 29908 libssh_0.9.8-0+deb11u1.debian.tar.xz
 70364b37a3007d3f2141e2ccd1145f36b278c2d1aee6aa20e394f3217f25b533 6272 libssh_0.9.8-0+deb11u1_source.buildinfo
Files:
 759d7036c3afc6288bcf57b4f90708ac 2476 libs optional libssh_0.9.8-0+deb11u1.dsc
 3dc7a87cbf9d507eaa76319bfbce9c14 508168 libs optional libssh_0.9.8.orig.tar.xz
 e8da8cc6222338cfa5190f3f45a3f19b 29908 libs optional libssh_0.9.8-0+deb11u1.debian.tar.xz
 e09e347e8634040188340c2203a0e92a 6272 libs optional libssh_0.9.8-0+deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEbEuHi35jHxYFV8PN7nvd5LhrVxMFAmWKlDsACgkQ7nvd5Lhr
VxNhKA//WvmSluRO2ztupIsU0PSg/Lb7j1q/KUGfTZQf3gGTbaC2kfCt6ohgrLTo
LouN+qlmvsRX4ZCyRPxnWvGKOhfiZfOdV/3voZmro1fxPb99RDkMPy219g1I2y5n
qcak5zM8fJ4eZ+v/p2JYYGOyGQqYezMeX5EKz+sBHjV8AIDgIdZ6KZlTguPMkJL9
daqa6AZo5f5P7HDcv6yQnh7OZN2KoReMVKkNyXRaqVZml+GPjdJVoXYc3/DR15p6
0ixqdlj2Gm/+zty75TaH78X3qX4EX8yNFf7hKdmGmhtgTEn9tJsNPg/W1TmSGojk
11sX6u5upVk3isOnFIDzYUTsAWRFVD9m7i1F7XoKJS84rbWTpU/F7/PFiZmltVqG
kq8FL1iKxTzxKdnkfNOHk3lHbf+JRv1CKiqIX0HHkk4gHDtb6ZpIny3zwO8jOpZB
TIuHXhjb5DM+1+5f088U5zvuStqh7Y8pNLGviC4jW/ezce2waV6lLnymiy9OJg/O
/RdvV/bdRxJ3ZE1289AT6zoNG9zNlI8mIt6KY+Hn26fXWqPYRPysWc7V2tz0dV8h
VzyoJucN1o0PeWtdpASoq8mCJmMgnQv1Uo4xzFWUtElLrFgyA9hTr1zqT4xtOnLQ
TIhLy5bPTjSUGKsv4TjYqouPRJnBLB9jhFxtTFfPySNS71E7X5k=
=iaUe
-----END PGP SIGNATURE-----
News for package libssh
