-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 26 Nov 2025 10:29:30 +0100
Source: libssh
Architecture: source
Version: 0.10.6-0+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: Laurent Bigonville <bigon@debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Closes: 1108407
Changes:
 libssh (0.10.6-0+deb12u2) bookworm; urgency=medium
 .
   [ Martin Pitt ]
   * stable-security → bookworm-security
   * Backport security patches from 0.11.2.
     - CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions
     - CVE-2025-4878: Use of uninitialized variable in privatekey_from_file()
     - CVE-2025-5318: Likely read beyond bounds in sftp server handle management
     - CVE-2025-5351: Double free in functions exporting keys
     - CVE-2025-5372: ssh_kdf() returns a success code on certain failures
     - CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend
     https://www.libssh.org/2025/06/24/libssh-0-11-2-security-and-bugfix-release/
     (Closes: #1108407)
 .
   [ Emilio Pozuelo Monfort ]
   * Add patch for CVE-2025-8114
   * Add patches for CVE-2025-8277
Checksums-Sha1:
d49167960c39304c6ee0aae2879b553db591ab6a 2774 libssh_0.10.6-0+deb12u2.dsc
e8fb3b4750db11d2483cac4b5f046e301c09b72f 561036 libssh_0.10.6.orig.tar.xz
ef01c0d5506ae2c6d3fbda6c89dca53079f422d6 833 libssh_0.10.6.orig.tar.xz.asc
e2f3f43a7d5333822057a3bceed64e8a73bd862d 35196 libssh_0.10.6-0+deb12u2.debian.tar.xz
dd4b8f0d800764e341ac4258f548355738d321a4 6566 libssh_0.10.6-0+deb12u2_source.buildinfo
Checksums-Sha256:
4e798a40fd3a97317683b818f28a41a6e9658a66da7375c40fe0d45f0168c755 2774 libssh_0.10.6-0+deb12u2.dsc
1861d498f5b6f1741b6abc73e608478491edcf9c9d4b6630eef6e74596de9dc1 561036 libssh_0.10.6.orig.tar.xz
140420406d7796548b0beaf736e73864c32291787cf2bd3983fdbc41741494ae 833 libssh_0.10.6.orig.tar.xz.asc
42fab6ba35f5338a63f5c593966f4669c41f6192a1262c5575f719ab33cdc1d5 35196 libssh_0.10.6-0+deb12u2.debian.tar.xz
d95a26e5a77954d1c86968c63df967c07fc15102983bf428ad6c9b0f1bd655c3 6566 libssh_0.10.6-0+deb12u2_source.buildinfo
Files:
a2d799e17191a880ffcb8a6acea0b252 2774 libs optional libssh_0.10.6-0+deb12u2.dsc
5f46371aa8bfa7e6bff7f2a6f3edf80e 561036 libs optional libssh_0.10.6.orig.tar.xz
75a12048601da804564cfa523bd77bcf 833 libs optional libssh_0.10.6.orig.tar.xz.asc
3b83514fce296185b2dfc1dc1ab0d4ca 35196 libs optional libssh_0.10.6-0+deb12u2.debian.tar.xz
8de4fe514eb34d0a4b0935b1b32b339b 6566 libs optional libssh_0.10.6-0+deb12u2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----