Bug#1057107: bullseye-pu: package libssh2/1.9.0-2
Hello,
Thank you for the feedback, the new attached debdiff should fix these.
Thanks!
diff -Nru libssh2-1.9.0/debian/changelog libssh2-1.9.0/debian/changelog
--- libssh2-1.9.0/debian/changelog 2020-12-14 10:02:16.000000000 -0500
+++ libssh2-1.9.0/debian/changelog 2023-11-29 07:00:07.000000000 -0500
@@ -1,3 +1,10 @@
+libssh2 (1.9.0-2+deb11u1) bullseye; urgency=medium
+
+ * Fix CVE-2020-22218: missing check in _libssh2_packet_add() allows
+ attackers to access out of bounds memory.
+
+ -- Nicolas Mora <babelouest@debian.org> Wed, 29 Nov 2023 07:00:07 -0500
+
libssh2 (1.9.0-2) unstable; urgency=medium
* d/control: Fix VCS URIs
diff -Nru libssh2-1.9.0/debian/patches/CVE-2020-22218.patch libssh2-1.9.0/debian/patches/CVE-2020-22218.patch
--- libssh2-1.9.0/debian/patches/CVE-2020-22218.patch 1969-12-31 19:00:00.000000000 -0500
+++ libssh2-1.9.0/debian/patches/CVE-2020-22218.patch 2023-11-29 07:00:07.000000000 -0500
@@ -0,0 +1,14 @@
+Description: Fix CVE-2020-22218
+Author: Nicolas Mora <babelouest@debian.org>
+Forwarded: not-needed
+--- a/src/transport.c
++++ b/src/transport.c
+@@ -472,7 +472,7 @@
+ /* Get a packet handle put data into. We get one to
+ hold all data, including padding and MAC. */
+ p->payload = LIBSSH2_ALLOC(session, total_num);
+- if(!p->payload) {
++ if(total_num == 0 || !p->payload) {
+ return LIBSSH2_ERROR_ALLOC;
+ }
+ p->total_num = total_num;
diff -Nru libssh2-1.9.0/debian/patches/series libssh2-1.9.0/debian/patches/series
--- libssh2-1.9.0/debian/patches/series 2020-12-14 10:02:16.000000000 -0500
+++ libssh2-1.9.0/debian/patches/series 2023-11-29 07:00:07.000000000 -0500
@@ -1,3 +1,4 @@
+CVE-2020-22218.patch
manpage.patch
0001-Add-lgpg-error-to-.pc-to-facilitate-static-linking.patch
0001-Do-not-expose-private-libraries-nor-link-flags-to-us.patch
Reply to: