Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 14 Sep 2025 09:54:50 +0200
Source: libssh
Binary: libssh-4 libssh-4-dbgsym libssh-dev
Architecture: loong64
Version: 0.11.3-1
Distribution: unstable
Urgency: medium
Maintainer: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Changed-By: Martin Pitt <mpitt@debian.org>
Description:
libssh-4 - tiny C SSH library (OpenSSL flavor)
libssh-dev - tiny C SSH library - Development files (OpenSSL flavor)
Closes: 1109860 1114859
Changes:
libssh (0.11.3-1) unstable; urgency=medium
.
* New upstream security/bug fix release:
- CVE-2025-8114: Fix NULL pointer dereference after allocation failure
(Closes: #1109860)
- CVE-2025-8277: Fix memory leak of ephemeral key pair during repeated
wrong KEX (Closes: #1114859)
- Potential use-after-free when send() fails during key exchange
- Fix possible timeout during KEX if client sends authentication too early
- Cleanup OpenSSL PKCS#11 provider when loaded
- Zeroize buffers containing private key blobs during export
Checksums-Sha1:
21313c32bf02162b3e0c1e1e2975a8925584ef47 599212 libssh-4-dbgsym_0.11.3-1_loong64.deb
07ae1ce37aaead35e56c5b1a5a4a38d4089123db 209020 libssh-4_0.11.3-1_loong64.deb
eacb397d08e79e1824fd8ad58384ab0b8e8bd4f3 581316 libssh-dev_0.11.3-1_loong64.deb
e9cc4c9344a9c69c006cc673f7a597324fef15e8 8399 libssh_0.11.3-1_loong64.buildinfo
Checksums-Sha256:
aba8e77bcdea816c264f2aca0dd82e76fe0ee57531d5ea2e0d30c21da0654ead 599212 libssh-4-dbgsym_0.11.3-1_loong64.deb
b06cdb6c342d0c4b7a5d42fe60376b3b3be88c89d0d741fbff73877cea9edf49 209020 libssh-4_0.11.3-1_loong64.deb
a66ba802354228c8edbc31f2f662ee518df7d9916aa0cf75a4ad6a94dd016bfd 581316 libssh-dev_0.11.3-1_loong64.deb
6030351f473bfd758a2d2a9bda9a450aa4038a7c4c05ba09fc88ba39024449fe 8399 libssh_0.11.3-1_loong64.buildinfo
Files:
8a929b00de664569e9f214ec06a7622a 599212 debug optional libssh-4-dbgsym_0.11.3-1_loong64.deb
f8bd0b38219891f2759900e13a0eced2 209020 libs optional libssh-4_0.11.3-1_loong64.deb
fb411d5dbbfca87d4fe3564c4afaaf3a 581316 libdevel optional libssh-dev_0.11.3-1_loong64.deb
dda0b89a10eed368954ecbe2a962b226 8399 libs optional libssh_0.11.3-1_loong64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJPBAEBCAA5FiEESo6Sp1ScbLflCes0cWwWftNRQXIFAmlByv8bFIAAAAAABAAO
bWFudTIsMi41KzEuMTEsMiwyAAoJEHFsFn7TUUFyXGEP/RGT8qUi4PmRHXuBYtvP
kzn+rr3yvzHaE8ojDI1rZPilcD72nTXZtabU6c+6J7GYwUNPq78ZUBaUZ2cbnnhU
rEntIiI66eoMYj76E5gxYCsMuorNlR+e9vIVOcT0/a/ri6zDsuGuqeIn8M3hAxPf
M/nZycemHHZHtTDNaN0avMc14FOKiOIazzoJGJMokVY+Jw25q8gCyhOeJlm0c+aL
/7gniyx3nvTjYPXAGY1BJjYZjcQ7Pm7+OdeDeS1JkNbN/srwiRbtCNJaEnLTyPG+
A+6jHHoZ3GTLLMDc0QzraA1y0doNEne1jbGuCcv1owAGswbKGEuGPvdcHzxVbE3s
T9k0lsr17CUhxALkJFNIUVaTqOwsBI+Gf5kq4DcSniiFur+7LV+w0GYIfWUHf4dH
C3HNVNc7gfCGiM45mZHZ3Hkrjw4mbR+l+H9ucmKXPrj/py144R7w14+NIlMetXyu
/rnlgB+V0UWCSxmmTGwOERnAjSIs44nsb5Q3NNbYKvOVYTMIHO6/GZ9LYfXDEb+z
ORZLPVBz4b9RjhOEp/m+yE77je7+Pn1ZGhEdc0kuyD54h55mUhUjPAw8EPmzbeM+
EvXR6swE31Cgz/VNoF/xxfDhVmY7SXDhtuQ8aRUuz++8IcdrLDeRvKpE1kzhDN8x
lKXxAHvWc5oqio3MvvQKyIwN
=pg8l
-----END PGP SIGNATURE-----
Attachment:
pgpedU16oPJhT.pgp
Description: PGP signature