Accepted libssh 0.10.5-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 10 May 2023 08:00:26 +0200
Source: libssh
Architecture: source
Version: 0.10.5-1
Distribution: unstable
Urgency: high
Maintainer: Laurent Bigonville <bigon@debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Closes: 1035832
Changes:
libssh (0.10.5-1) unstable; urgency=high
.
[ Martin Pitt ]
* New upstream security release (thus high urgency):
- Fix authenticated remote DoS through potential NULL dereference during rekeying
with algorithm guessing (CVE-2023-1667)
https://www.libssh.org/security/advisories/CVE-2023-1667.txt
- Client authentication bypass in pki_verify_data_signature() in low-memory
conditions with OpenSSL backend; gcrypt backend is not affected
https://www.libssh.org/security/advisories/CVE-2023-2283.txt
(CVE-2023-2283, Closes: #1035832)
* Bump Standards-Version to 4.6.2. No changes necessary.
* Drop debian/source/lintian-overrides. It now causes a "mismatched-override"
warning, and apparently is not necessary any more.
* debian/copyright: Drop files which don't exist any more.
Spotted by lintian's "superfluous-file-pattern" warnings.
.
[ Debian Janitor ]
* Bump debhelper from old 12 to 13.
* Avoid explicitly specifying -Wl,--as-needed linker flag.
Checksums-Sha1:
ddb59b6af4d50563b33b21973e1b2b0758b675c7 2742 libssh_0.10.5-1.dsc
bc6b6858c3f4d07a302d838258d98e5bae790387 557776 libssh_0.10.5.orig.tar.xz
dc55b86977ec5348d3048118c3beccd5d1b06da9 833 libssh_0.10.5.orig.tar.xz.asc
d8d354cc003f4cc254f672fb968e13865059f00b 28016 libssh_0.10.5-1.debian.tar.xz
29c7fbab76614a2fb35d9c473593912876904b1c 7413 libssh_0.10.5-1_source.buildinfo
Checksums-Sha256:
2dbdceacadaa1ce6629bef199a44e2c89b9b220996337c858f54970914b4f4f0 2742 libssh_0.10.5-1.dsc
b60e2ff7f367b9eee2b5634d3a63303ddfede0e6a18dfca88c44a8770e7e4234 557776 libssh_0.10.5.orig.tar.xz
cc5427ac9480b30f87f7c3c2dca1830c1e7fe3c18503da2c07d4110150916c66 833 libssh_0.10.5.orig.tar.xz.asc
06b785dde60a98934d56095834a41562a58039b034a2d7f1eb90bc633d84b83e 28016 libssh_0.10.5-1.debian.tar.xz
6d2e8069eca275285bf54f9c8a5dc87571af90a02d8e69bc0741b80b9e0f6d48 7413 libssh_0.10.5-1_source.buildinfo
Files:
63f682b498516dc66aa3059964baafca 2742 libs optional libssh_0.10.5-1.dsc
d8db64ad57bbf25fc53396dd5438a3ef 557776 libs optional libssh_0.10.5.orig.tar.xz
5216efd082214fa43e966115bb9502f8 833 libs optional libssh_0.10.5.orig.tar.xz.asc
d8d8a5b28a9802a5ce080df8ecb31fed 28016 libs optional libssh_0.10.5-1.debian.tar.xz
1d9dca270a1bb5fdaa7aba64f838cd19 7413 libs optional libssh_0.10.5-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEbEuHi35jHxYFV8PN7nvd5LhrVxMFAmRbMzAACgkQ7nvd5Lhr
VxPuEg//deLK4VLcee6GdodxblILU04rQ1ZC9GteXOKY3ApOgVYnUHwgJx3Js8OG
l5A5vBImnv+3wctnxEce4AXj76YrB2uKEH+LRFwCTqrSwfjmYVvw1OcpBiu6nJSi
GvPoJ+eZ7Om+WCxr/Rn7ainN3pejejMxTiPIV6HYIY6wMsV7zC1fqt8eLD82IDIw
jN/7xoSKmVto7IauGisKpOFCtgkkJe4rcnoZYUyqm9AyZvDvo8jootYbWPGs8MLi
waOuvPrKEtfpYE/A4TLAn6GAw/GUTFFeNi18orMXQCIzIHn2xvTOWBY8F5Zplrpa
SDWnH8AmEEp7OIGymQf30sHugYlFceqJcikem0/LyL6uLxROM2NfYcLcYisQPVdz
ebL+l+r4MV/mlAoqwlKy02ij5Vt4RtwTYM2x8QE+KHLYVCCZCBbJLLoFoDTepybG
QO7z+0iGFgwq6Ig3abalkI93qxd7Xd+FDFYFpacRhCkgxB99OuPQmoiyqEav7Rof
MV7G+cc4r7Xz1F0rhOlvF6tkxIBWoKMnmL6Ko37btAqFQlSohCODQt1KJtYKoEq+
tEBkBRFMFRGGRA7sULyKENBzCvXUV/Y6il+wCUpnsuhVQRpX+Hm1xJxOJHoSKRKR
7QJ0GPrOWlzmEqCnJSAdrtyUz27NQ+DWS/QTNT8zTFwSPceHow4=
=x/4l
-----END PGP SIGNATURE-----
Reply to: