Format: 1.8
Date: Wed, 26 Nov 2025 12:39:43 +0100
Source: libssh
Architecture: source
Version: 0.9.8-0+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Laurent Bigonville <bigon@debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Closes: 1108407
Changes:
 libssh (0.9.8-0+deb11u2) bullseye-security; urgency=medium
 .
   * Add various security fixes (Closes: #1108407)
     - CVE-2025-4877: Write beyond bounds in binary to base64 conversion
       functions
     - CVE-2025-4878: Use of uninitialized variable in
       privatekey_from_file()
     - CVE-2025-5318: Likely read beyond bounds in sftp server handle
       management
     - CVE-2025-5372: ssh_kdf() returns a success code on certain failures
     https://www.libssh.org/2025/06/24/libssh-0-11-2-security-and-bugfix-release/
     (Closes: #1108407)
   * CVE-2025-8114: Possible NULL pointer de-reference calculating KEX
     session id
   * CVE-2025-8277: Memory leak of ephemeral key pair during wrong KEX
     guessing
   * Set CI to bullseye.
Checksums-Sha1:
 8ac8c312f41ca085164d775463ec10973d61a5d6 2476 libssh_0.9.8-0+deb11u2.dsc
 9c937ff6914c6873e8247526401d2303438b0724 508168 libssh_0.9.8.orig.tar.xz
 06d5f26a25254d3c57fe29a6484186ea740d1b34 33772 libssh_0.9.8-0+deb11u2.debian.tar.xz
 fe343f3255d1521f50554c6e46d627dd70888da9 6562 libssh_0.9.8-0+deb11u2_source.buildinfo
Checksums-Sha256:
 358e9fc7e6325ad8f8042f5b57bd86cb67fee96dbae22a9f3a4ed9f518fbf696 2476 libssh_0.9.8-0+deb11u2.dsc
 9f834b732341d428d67bbe835b7d10ae97ccf25d6f5bd0288fa51ae683f2e7cd 508168 libssh_0.9.8.orig.tar.xz
 4ad2a19bdcc714c598f359a1b97fb75837bb936473ad1ab249fae87b103575d8 33772 libssh_0.9.8-0+deb11u2.debian.tar.xz
 e54b819d53d084c86c535ef9705b0850cab24ea14f1a396e97a68016e24b5013 6562 libssh_0.9.8-0+deb11u2_source.buildinfo
Files:
 16ee425ed0c53948c888c25dff615f1e 2476 libs optional libssh_0.9.8-0+deb11u2.dsc
 3dc7a87cbf9d507eaa76319bfbce9c14 508168 libs optional libssh_0.9.8.orig.tar.xz
 1fecba8eb2d5f3702d1e6e8260fe1b5d 33772 libs optional libssh_0.9.8-0+deb11u2.debian.tar.xz
 620477d76e3b8bbcec8547e24a8ed5eb 6562 libs optional libssh_0.9.8-0+deb11u2_source.buildinfo