Your message dated Sat, 09 May 2020 11:53:52 +0100 with message-id <fd7fa4d56896c35aab49a5a51cb69727dc60e87a.camel@adam-barratt.org.uk> and subject line Closing requests included in 10.4 point release has caused the Debian Bug report #959081, regarding buster-pu: package libssh/0.8.7-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 959081: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959081 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: buster-pu: package libssh/0.8.7-1
- From: Laurent Bigonville <bigon@debian.org>
- Date: Wed, 29 Apr 2020 10:45:08 +0200
- Message-id: <158814990848.1967102.9073026435344236589.reportbug@edoras.bigon.be>
Package: release.debian.org Severity: normal Tags: buster User: release.debian.org@packages.debian.org Usertags: pu Hello, Please allow an upload to fix #956308 (CVE-2020-1730). That upload should also probably end up in the coming point release changelog | 7 +++++++ patches/0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-AES-CT.patch | 32 ++++++++++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 40 insertions(+) Kind regards, Laurent Bigonville -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.5.0-2-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_WARN Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy>From 75f81629de6636a82d0129ad86d9b41dd5d9b8da Mon Sep 17 00:00:00 2001 From: Laurent Bigonville <bigon@debian.org> Date: Wed, 29 Apr 2020 10:38:58 +0200 Subject: [PATCH] Fix possible DoS in client and server when handling AES-CTR keys with OpenSSL, cherry-picked from upstream (Closes: #956308 CVE-2020-1730) --- debian/changelog | 7 ++++ ...ossible-segfault-when-zeroing-AES-CT.patch | 32 +++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 40 insertions(+) create mode 100644 debian/patches/0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-AES-CT.patch diff --git a/debian/changelog b/debian/changelog index c4273f2f..8225fbd2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +libssh (0.8.7-1+deb10u1) buster; urgency=medium + + * Fix possible DoS in client and server when handling AES-CTR keys with + OpenSSL, cherry-picked from upstream (Closes: #956308 CVE-2020-1730) + + -- Laurent Bigonville <bigon@debian.org> Tue, 28 Apr 2020 13:40:28 +0200 + libssh (0.8.7-1) unstable; urgency=medium * New upstream bug fix release 0.8.7. diff --git a/debian/patches/0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-AES-CT.patch b/debian/patches/0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-AES-CT.patch new file mode 100644 index 00000000..cdbc51f5 --- /dev/null +++ b/debian/patches/0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-AES-CT.patch @@ -0,0 +1,32 @@ +From: Andreas Schneider <asn@cryptomilk.org> +Date: Tue, 11 Feb 2020 11:52:33 +0100 +Subject: CVE-2020-1730: Fix a possible segfault when zeroing AES-CTR key + +Fixes T213 + +Signed-off-by: Andreas Schneider <asn@cryptomilk.org> +Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> +(cherry picked from commit b36272eac1b36982598c10de7af0a501582de07a) +--- + src/libcrypto.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/libcrypto.c b/src/libcrypto.c +index 340a3e6..b3285e0 100644 +--- a/src/libcrypto.c ++++ b/src/libcrypto.c +@@ -636,8 +636,12 @@ static void aes_ctr_encrypt(struct ssh_cipher_struct *cipher, void *in, void *ou + } + + static void aes_ctr_cleanup(struct ssh_cipher_struct *cipher){ +- explicit_bzero(cipher->aes_key, sizeof(*cipher->aes_key)); +- SAFE_FREE(cipher->aes_key); ++ if (cipher != NULL) { ++ if (cipher->aes_key != NULL) { ++ explicit_bzero(cipher->aes_key, sizeof(*cipher->aes_key)); ++ } ++ SAFE_FREE(cipher->aes_key); ++ } + } + + #endif /* HAVE_OPENSSL_EVP_AES_CTR */ diff --git a/debian/patches/series b/debian/patches/series index 842c602c..db23779b 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,2 +1,3 @@ +0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-AES-CT.patch 1003-custom-lib-names.patch 2003-disable-expand_tilde_unix-test.patch -- 2.26.2
--- End Message ---
--- Begin Message ---
- To: 932251-done@bugs.debian.org, 933839-done@bugs.debian.org, 939120-done@bugs.debian.org, 942520-done@bugs.debian.org, 943889-done@bugs.debian.org, 947102-done@bugs.debian.org, 947142-done@bugs.debian.org, 947172-done@bugs.debian.org, 947442-done@bugs.debian.org, 948333-done@bugs.debian.org, 948381-done@bugs.debian.org, 948786-done@bugs.debian.org, 948855-done@bugs.debian.org, 949113-done@bugs.debian.org, 949702-done@bugs.debian.org, 949890-done@bugs.debian.org, 949891-done@bugs.debian.org, 949897-done@bugs.debian.org, 949921-done@bugs.debian.org, 950104-done@bugs.debian.org, 950105-done@bugs.debian.org, 950478-done@bugs.debian.org, 950546-done@bugs.debian.org, 950547-done@bugs.debian.org, 950655-done@bugs.debian.org, 950765-done@bugs.debian.org, 950773-done@bugs.debian.org, 950795-done@bugs.debian.org, 950854-done@bugs.debian.org, 950918-done@bugs.debian.org, 951146-done@bugs.debian.org, 951399-done@bugs.debian.org, 951563-done@bugs.debian.org, 951761-done@bugs.debian.org, 951769-done@bugs.debian.org, 951871-done@bugs.debian.org, 952414-done@bugs.debian.org, 952441-done@bugs.debian.org, 952586-done@bugs.debian.org, 952785-done@bugs.debian.org, 953005-done@bugs.debian.org, 953124-done@bugs.debian.org, 953246-done@bugs.debian.org, 953647-done@bugs.debian.org, 953737-done@bugs.debian.org, 953797-done@bugs.debian.org, 954001-done@bugs.debian.org, 954073-done@bugs.debian.org, 954269-done@bugs.debian.org, 954398-done@bugs.debian.org, 954404-done@bugs.debian.org, 954714-done@bugs.debian.org, 954757-done@bugs.debian.org, 954835-done@bugs.debian.org, 954838-done@bugs.debian.org, 954862-done@bugs.debian.org, 954985-done@bugs.debian.org, 955395-done@bugs.debian.org, 955410-done@bugs.debian.org, 955508-done@bugs.debian.org, 955509-done@bugs.debian.org, 955510-done@bugs.debian.org, 955547-done@bugs.debian.org, 955860-done@bugs.debian.org, 956155-done@bugs.debian.org, 956216-done@bugs.debian.org, 956315-done@bugs.debian.org, 956533-done@bugs.debian.org, 956535-done@bugs.debian.org, 956536-done@bugs.debian.org, 956801-done@bugs.debian.org, 956861-done@bugs.debian.org, 956890-done@bugs.debian.org, 956913-done@bugs.debian.org, 956932-done@bugs.debian.org, 958053-done@bugs.debian.org, 958141-done@bugs.debian.org, 958173-done@bugs.debian.org, 958395-done@bugs.debian.org, 958399-done@bugs.debian.org, 958489-done@bugs.debian.org, 958490-done@bugs.debian.org, 958568-done@bugs.debian.org, 958714-done@bugs.debian.org, 958716-done@bugs.debian.org, 958814-done@bugs.debian.org, 958887-done@bugs.debian.org, 958916-done@bugs.debian.org, 958931-done@bugs.debian.org, 958969-done@bugs.debian.org, 958994-done@bugs.debian.org, 959081-done@bugs.debian.org, 959101-done@bugs.debian.org, 959224-done@bugs.debian.org, 959431-done@bugs.debian.org, 959489-done@bugs.debian.org, 948191-done@bugs.debian.org
- Subject: Closing requests included in 10.4 point release
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 09 May 2020 11:53:52 +0100
- Message-id: <fd7fa4d56896c35aab49a5a51cb69727dc60e87a.camel@adam-barratt.org.uk>
Package: release.debian.org Version: 10.4 Hi, Each of the uploads referred to by these bugs was included in today's stable point release. Regards, Adam
--- End Message ---