[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Possible regression/problem with libssh2 update

Hi Salvatore,

On  Di 02 Apr 2019 08:48:18 CEST, Salvatore Bonaccorso wrote:

Hi Mike

While working on an update for libssh2 first for buster and stretch
for the recent CVEs I noticed that the libssh2 update might have a
problem with one patch, when I compared with the jessie LTS update.

Upstream did wrongly apply some checks, which resulted
https://github.com/libssh2/libssh2/pull/327 .

I have included this commit in

And actually a user followed up todayin the bug #924965.

Can you double check if 1.4.3-4.1+deb8u2 for this issue?


You are right. The patch from PR #327 applies on top of the current jessie version of libssh2. A regression upload is needed for libssh2 in jessie LTS.

I have built a follow-up revision of the jessie package and will test later today with the PHP example given in #924965 msg-23. (Now, I need to run to an appointment).


c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

Attachment: pgpkSvpbSd14r.pgp
Description: Digitale PGP-Signatur

Reply to: