Accepted libssh 0.11.2-1 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted libssh 0.11.2-1 (source) into unstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sat, 28 Jun 2025 06:05:01 +0000
Message-id: <[🔎] E1uVOgP-00AGJv-0u@fasolo.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 28 Jun 2025 07:42:47 +0200
Source: libssh
Architecture: source
Version: 0.11.2-1
Distribution: unstable
Urgency: medium
Maintainer: Laurent Bigonville <bigon@debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Closes: 1108407
Changes:
 libssh (0.11.2-1) unstable; urgency=medium
 .
   * New upstream security/bug fix release:
     - CVE-2025-4877: Write beyond bounds in binary to base64 conversion
       functions
     - CVE-2025-4878: Use of uninitialized variable in privatekey_from_file()
     - CVE-2025-5318: Likely read beyond bounds in sftp server handle
       management
     - CVE-2025-5351: Double free in functions exporting keys
     - CVE-2025-5372: ssh_kdf() returns a success code on certain failures
     - CVE-2025-5449: Likely read beyond bounds in sftp server message decoding
     - CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL
       backend
     (Closes: #1108407)
   * Drop 0001-Fix-multiple-digit-major-version-for-OpenSSH.patch.
     Applied upstream.
Checksums-Sha1:
 4dc4f1cad010349b6c3f99dff9227d4bffabf36d 2583 libssh_0.11.2-1.dsc
 ece1eb034eab3b1cc7a283d2a7bd2dc59a57686b 619428 libssh_0.11.2.orig.tar.xz
 b8030dd740e50343e68cb88d7b67d1a3f8db9aef 833 libssh_0.11.2.orig.tar.xz.asc
 275ca113390300b71acaddf5941d40bf600a9b42 31360 libssh_0.11.2-1.debian.tar.xz
 46eb42fbcfb58378842db8ad95390dfa9e12141f 7668 libssh_0.11.2-1_source.buildinfo
Checksums-Sha256:
 e784a9c8dce71b0a5a069a855020049c13e54786761c6c506a257c11d6013426 2583 libssh_0.11.2-1.dsc
 69529fc18f5b601f0baf0e5a4501a2bc26df5e2f116f5f8f07f19fafaa6d04e7 619428 libssh_0.11.2.orig.tar.xz
 fd0f8ddd79a118a58b04919a6907da81b8ab9a70f5173a4080fbf5484a26d4ea 833 libssh_0.11.2.orig.tar.xz.asc
 a1f2ce49cf49f83139bee0fb2af1e7c9c8c1daa62b316b2f5fa2b41d157f3a61 31360 libssh_0.11.2-1.debian.tar.xz
 6f454b4f2aee7b6b686f89923c0c1efa07cff99d34a131382a2bc0f95376f31b 7668 libssh_0.11.2-1_source.buildinfo
Files:
 342972c454f28ca9ebba78a144e752fe 2583 libs optional libssh_0.11.2-1.dsc
 7e9afb4cf63abbcd8bc448124dfdf3fa 619428 libs optional libssh_0.11.2.orig.tar.xz
 2568a84e31e2bd0f5ae1cf664d26c8e0 833 libs optional libssh_0.11.2.orig.tar.xz.asc
 40f7fcb44ed0f9760ead3ce8662b7163 31360 libs optional libssh_0.11.2-1.debian.tar.xz
 85e7168016492a2400b1489743d051bf 7668 libs optional libssh_0.11.2-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEbEuHi35jHxYFV8PN7nvd5LhrVxMFAmhfgsQACgkQ7nvd5Lhr
VxMrGQ/+ORSWc8Lb2jSp/ooyuZ/qxSLZkQ5gdN4RXG1/fne5jJ8FoXzBzhUb4P+j
MiD0sI+fd4u8mjFW3DQqcjb0oPIowxbtKG3+QiaaUMcLgtMnF4mg1St5r7vCfnK1
50dtKggSaPUxT9yM4SvgVm+uNKuEoFCIsx+D+H7apWTY2sBrTlXL7xnn9khHUZmI
vT86vZ+d7F9c+cmb6uO4yof4hYTX1ZlwDlNZZtmb3qboHEqyKBJvzLoJfuwKukaH
g68v6mwU9oVBPW2iMsJB9b4riLdWY1V4XPHHC/MDUN4VuZp2/2gZ8QOp6RhacrOc
4gucDx/+HG/MJ6bbZGsI/+ed9m4Q6QLi6AWNPgsEYBtOiGpF+Onr+99Qq0K0Abmt
0YL0II6sIbSPLHZd776vm1iwCHYa2og0x+1uUi+pBWKq4xuGlZZu/0xqVsBVGPF7
z449jDwGjt9zZf+mmamu7I2I9Fv+nPM3w0kfsEdF3LDotAW8MQkehzH0vcfXw5zd
plLGiJqtXEPhwQENjCC5OnBu98cZblwSoknhh+7rmfk3ozBLvT66cnh9UkBu6/S7
9DfBeK+WvT77HULHtGj9KvTXzdnBxzMopuCDBfAsglZ6Tv+kgJYVZax90QsN9db/
gXYoPF7VuIxgmn+Bttg22dzXLSgGOlhqShyk4Itvt19qOsuGIDY=
=Iy/m
-----END PGP SIGNATURE-----

Attachment: pgpPoU16WWyZh.pgp
Description: PGP signature

Reply to:

Prev by Date: Accepted doctrine 3.4.3+dfsg-1 (source) into experimental
Next by Date: Accepted cockpit-machines 334-1 (source) into experimental
Previous by thread: Accepted doctrine 3.4.3+dfsg-1 (source) into experimental
Next by thread: Accepted cockpit-machines 334-1 (source) into experimental
Index(es):
- Date
- Thread