Accepted libssh 0.9.5-1+deb11u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 28 Aug 2021 13:52:11 +0200
Source: libssh
Architecture: source
Version: 0.9.5-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Laurent Bigonville <bigon@debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Closes: 993046
Changes:
libssh (0.9.5-1+deb11u1) bullseye-security; urgency=high
.
* dh-gex: Avoid memory leaks.
Add 0001-dh-gex-Avoid-memory-leaks.patch: Backported from upstream 0.9.6
release.
* Fix handshake bug with AEAD ciphers and no HMAC overlap.
Add 0002-Fix-handshake-bug-with-AEAD-ciphers-and-no-HMAC-over.patch and
0003-Add-initial-server-algorithm-test-for-no-HMAC-overla.patch:
Backport fix and test from upstream 0.9.6 release.
* Create a separate length for session_id.
Add 0004-CVE-2021-3634-Create-a-separate-length-for-session_i.patch and
0005-tests-Simple-reproducer-for-rekeying-with-different-.patch:
Backport fix and test from upstream 0.9.6 release.
CVE-2021-3634 (Closes: #993046)
Checksums-Sha1:
c0d2ed5c8eab7d36708add8474d293fc1dfc7aad 2717 libssh_0.9.5-1+deb11u1.dsc
cac8772e6bea068e4defea067d4290991d566964 502876 libssh_0.9.5.orig.tar.xz
6d7ec8cce3e6d4fc6a4cb399ea4cd2580e6b0640 833 libssh_0.9.5.orig.tar.xz.asc
c008b35eb8ddedb82c4871265c1ca67574d5d8fe 34424 libssh_0.9.5-1+deb11u1.debian.tar.xz
f729f3b7c6856065ea5dad6cc0f88e9c76366dde 7270 libssh_0.9.5-1+deb11u1_source.buildinfo
Checksums-Sha256:
7865bc43f9f194547a36eacf86d74e3761f7045652c544479979cddb18a63215 2717 libssh_0.9.5-1+deb11u1.dsc
acffef2da98e761fc1fd9c4fddde0f3af60ab44c4f5af05cd1b2d60a3fa08718 502876 libssh_0.9.5.orig.tar.xz
e8b6141b7370ea08f83b5d78233e4ab0789a7dab8a11561accf36fb18544fae7 833 libssh_0.9.5.orig.tar.xz.asc
b5ab07da2e44689868bea58d9d606269a0b9f8b5773a9916b83b0642f4d472cd 34424 libssh_0.9.5-1+deb11u1.debian.tar.xz
7b7c0fb5d65df9b9eab48308cd619fb33e093f7bd9c109d00ab291feb4bed04a 7270 libssh_0.9.5-1+deb11u1_source.buildinfo
Files:
1034c7c90f57ff4a136b022a7ce99e98 2717 libs optional libssh_0.9.5-1+deb11u1.dsc
6211e47ba4dfd7f7e9f8a17a601245f4 502876 libs optional libssh_0.9.5.orig.tar.xz
49564e894ab537b4fdd323dc945ff473 833 libs optional libssh_0.9.5.orig.tar.xz.asc
2ad34520735156abb83a9536b123f93e 34424 libs optional libssh_0.9.5-1+deb11u1.debian.tar.xz
d64b7caa61eb6b9c1f07fbb5090a14b9 7270 libs optional libssh_0.9.5-1+deb11u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEPbRrVe+lnUDmIyFI0U7xXa/hE0cFAmEsUnoACgkQ0U7xXa/h
E0fZFRAAnCb8PsxnvjZ/zleSpC4Q5XIi1/Iob/IJJKRcf8EIuT77EBYQS2OLkTq/
z+IJOomS/S1sFdkcK5Ka9VXV7ONMOaVSnSg8YCzEvU7PXeHHX/8b+Mr2UGOBlpOB
fOz5JNNgEe+V5AxIS2aBn+NGu7Um3eJy5jIuPvCrQ2k9fXpiRulX04OmxhZUFMXF
03Ig0B8vqDQrncfNtSBuNQaz2I4d/9Uwgz1GNilOUFu4IXneUvHDdZA9dd6dOqly
pOal43hPWkLXPx1nmWyNKT3fD1zHxDqBiwYC4ayPn0bvKoGTUeqBFvrTIxMHg/Ul
L7eNl7VFZNZOdHpuDHz41jEY7Z9coV+/XuU67l/zLicd0kZJIAY+pdoVDsMFMJeH
/3ETnfQ/aIRqCAwp/pgfRAXlPGqKF5LHT0mEpamC88YwOd6+2o5GJ5Lb9F+MhYPB
S0aGTjOdWGaH0Yvq5J/vTb9U2X70n1oKXHGiiWEA5MSawWocticNHsbLJx7wNe03
bGNKyYLVCWQRBxp6o781IjpRQFgZK84lv+D+i+6KG85wx8nbxzl+zvx9Pc2ts1pj
xxctHC+bTxv5BOH2fVK/P7vBLpyH6PDK54Hog0TlOs0i76ns1TMULMhzWYQhOYRN
jH+oCkAlLLpBRzyPfK4HcaUWVryw41ndqYYNRNdkllQ84haZfl0=
=0LOJ
-----END PGP SIGNATURE-----
Reply to: