Hi Salvatore, On Di 02 Apr 2019 08:48:18 CEST, Salvatore Bonaccorso wrote:
Hi Mike While working on an update for libssh2 first for buster and stretch for the recent CVEs I noticed that the libssh2 update might have a problem with one patch, when I compared with the jessie LTS update. Upstream did wrongly apply some checks, which resulted https://github.com/libssh2/libssh2/pull/327 . Commit: https://github.com/libssh2/libssh2/commit/165f05ef01a95538b426cc8c90da8accfaa20d01 I have included this commit in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924965#23 And actually a user followed up todayin the bug #924965. Can you double check if 1.4.3-4.1+deb8u2 for this issue? Regards, Salvatore
You are right. The patch from PR #327 applies on top of the current jessie version of libssh2. A regression upload is needed for libssh2 in jessie LTS.
I have built a follow-up revision of the jessie package and will test later today with the PHP example given in #924965 msg-23. (Now, I need to run to an appointment).
http://packages.sunweavers.net/debian/pool/main/libs/libssh2/ Greets, Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
Attachment:
pgpkSvpbSd14r.pgp
Description: Digitale PGP-Signatur