Bug#1036026: unblock: libssh/0.10.5-1
Control: tags -1 moreinfo confirmed
On 2023-05-13 15:49:12 +0200, Martin Pitt wrote:
> --- libssh-0.10.4/debian/changelog 2022-09-19 08:41:22.000000000 +0000
> +++ libssh-0.10.5/debian/changelog 2023-05-10 06:00:26.000000000 +0000
> @@ -1,3 +1,26 @@
> +libssh (0.10.5-1) unstable; urgency=high
> +
> + [ Martin Pitt ]
> + * New upstream security release (thus high urgency):
> + - Fix authenticated remote DoS through potential NULL dereference during rekeying
> + with algorithm guessing (CVE-2023-1667)
> + https://www.libssh.org/security/advisories/CVE-2023-1667.txt
> + - Client authentication bypass in pki_verify_data_signature() in low-memory
> + conditions with OpenSSL backend; gcrypt backend is not affected
> + https://www.libssh.org/security/advisories/CVE-2023-2283.txt
> + (CVE-2023-2283, Closes: #1035832)
> + * Bump Standards-Version to 4.6.2. No changes necessary.
> + * Drop debian/source/lintian-overrides. It now causes a "mismatched-override"
> + warning, and apparently is not necessary any more.
> + * debian/copyright: Drop files which don't exist any more.
> + Spotted by lintian's "superfluous-file-pattern" warnings.
> +
> + [ Debian Janitor ]
> + * Bump debhelper from old 12 to 13.
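Review bot: the CVE-2023-2283 entry puts the advisory URL before the "(CVE-2023-2283, Closes: #1035832)" tag, while the CVE-2023-1667 entry above it gives the CVE id first and the URL after; use one order for both so each id sits next to its description. The same urgency=high entry also carries packaging changes unrelated to the two fixes (the Standards-Version bump, dropping debian/source/lintian-overrides, the debian/copyright cleanup, the debhelper 12 to 13 bump); keeping those out of the security upload would leave a smaller diff to review.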
It's too late for debhelper compat bumps. See https://release.debian.org/bookworm/FAQ.html
Please re-upload without that change and remove the moreinfo tag once
that has happened.
Cheers
--
Sebastian Ramacher