Your message dated Wed, 21 Nov 2012 22:37:39 +0100
with message-id <20121121213739.GO17465@radis.cristau.org>
and subject line Re: Bug#693882: unblock: libssh/0.5.3-1
has caused the Debian Bug report #693882,
regarding unblock: libssh/0.5.3-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
693882: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693882
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: libssh/0.5.3-1
- From: Laurent Bigonville <bigon@debian.org>
- Date: Wed, 21 Nov 2012 14:16:14 +0100
- Message-id: <20121121131614.27425.99290.reportbug@fornost.bigon.be>
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hello,

Please unblock package libssh

This version fixes 4 CVEs and several other bugs

version 0.5.3 (released 2012-11-20)
  * CVE-2012-4559 Fixed multiple double free() flaws.
  * CVE-2012-4560 Fixed multiple buffer overflow flaws.
  * CVE-2012-4561 Fixed multiple invalid free() flaws.
  * BUG #84 - Fix bug in sftp_mkdir not returning on error.
  * BUG #85 - Fixed a possible channel infinite loop if the connection dropped.
  * BUG #88 - Added missing channel request_state and set it to accepted.
  * BUG #89 - Reset error state to no error on successful SSHv1 authentication.
  * Fixed a possible use after free in ssh_free().
  * Fixed multiple possible NULL pointer dereferences.
  * Fixed multiple memory leaks in error paths.
  * Fixed timeout handling.
  * Fixed regression in pre-connected socket setting.
  * Handle all unknown global messages.

Diffstat:

$ debdiff --exclude '*.bak' --exclude '*.patch' /tmp/libssh_0.5.2-1.dsc libssh_0.5.3-1.dsc |diffstat
 CMakeLists.txt           |   4 -
 CPackConfig.cmake        |   2
 ChangeLog                |  15 ++++++
 README                   | 113 +++++++++++++++++++++++++++++++++++++++++------
 SECFIX_0.5.2.tar.asc     |   7 ++
 debian/changelog         |   8 +++
 doc/mainpage.dox         | 113 +++++++++++++++++++++++++++++++++++++++++------
 doc/threading.dox        |  18 +++----
 include/libssh/bind.h    |   7 --
 include/libssh/misc.h    |   1
 include/libssh/priv.h    |  12 +++-
 include/libssh/session.h |  13 +++--
 include/libssh/socket.h  |   1
 src/agent.c              |   3 +
 src/auth.c               |   1
 src/auth1.c              |   1
 src/bind.c               |   6 +-
 src/buffer.c             |  34 ++++++++++----
 src/callbacks.c          |   2
 src/channels.c           |  21 +++++++-
 src/channels1.c          |   1
 src/client.c             |   7 +-
 src/connect.c            |   2
 src/crypt.c              |   1
 src/dh.c                 |   5 ++
 src/error.c              |   9 ++-
 src/getpass.c            |   1
 src/keyfiles.c           |  36 +++++++-------
 src/keys.c               |   5 ++
 src/known_hosts.c        |   1
 src/log.c                |  64 ++++++++++++++++++--------
 src/messages.c           |  14 +++--
 src/misc.c               |  54 ++++++++++++++++------
 src/options.c            |  16 +++---
 src/packet.c             |   1
 src/server.c             |   4 -
 src/session.c            |  69 ++++++++++++----------------
 src/sftp.c               |  41 ++++++++++++-----
 src/sftpserver.c         |   1
 src/socket.c             |  27 ++++++++---
 src/string.c             |  26 +++++++---
 41 files changed, 558 insertions(+), 209 deletions(-)

unblock libssh/0.5.3-1

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.6-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Attachment: libssh.diff.gz
Description: GNU Zip compressed data
--- End Message ---
--- Begin Message ---
- To: Laurent Bigonville <bigon@debian.org>, 693882-done@bugs.debian.org
- Subject: Re: Bug#693882: unblock: libssh/0.5.3-1
- From: Julien Cristau <jcristau@debian.org>
- Date: Wed, 21 Nov 2012 22:37:39 +0100
- Message-id: <20121121213739.GO17465@radis.cristau.org>
- In-reply-to: <20121121212817.48a0f66d@fornost.bigon.be>
- References: <20121121131614.27425.99290.reportbug@fornost.bigon.be> <20121121192450.GK17465@radis.cristau.org> <20121121212817.48a0f66d@fornost.bigon.be>
On Wed, Nov 21, 2012 at 21:28:17 +0100, Laurent Bigonville wrote:

> On Wed, 21 Nov 2012 20:24:50 +0100,
> Julien Cristau <jcristau@debian.org> wrote:
>
> > On Wed, Nov 21, 2012 at 14:16:14 +0100, Laurent Bigonville wrote:
> >
> > > $ debdiff --exclude '*.bak' --exclude
> > > '*.patch' /tmp/libssh_0.5.2-1.dsc libssh_0.5.3-1.dsc |diffstat
> >
> > Why are these patch files included in the tarball? Are they used at
> > all, or just cruft?
>
> The patches are the ones that fix the CVE, I'm not sure why they are
> present there, maybe for reference but they are not used at all.
>
> The other .bak file is just leftover.
>
There's also a bunch of tarballs that don't seem to belong inside this
one at all…

Anyway, unblocked.

Cheers,
Julien

Attachment: signature.asc
Description: Digital signature
--- End Message ---