Format: 1.8
Date: Mon, 25 Dec 2023 11:15:40 +0100
Source: libssh
Architecture: source
Version: 0.10.6-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Laurent Bigonville <bigon@debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Closes: 1059004 1059059 1059061
Changes:
 libssh (0.10.6-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream security release:
     - Fix Command injection using ProxyCommand (CVE-2023-6004, Closes: #1059061)
     - Fix missing checks for return values of MD functions (CVE-2023-6918, Closes: #1059059)
     - Fix potential downgrade attack using strict kex (CVE-2023-48795, Closes: #1059004)
   * Fix regression in IPv6 addresses in hostname parsing from CVE-2023-6004 fix.
     Patch and unit test backported from upstream stable-0.10 branch.
     See https://gitlab.com/libssh/libssh-mirror/-/issues/227