Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: libssh@packages.debian.org, carnil@debian.org
Control: affects -1 + src:libssh
Please unblock the recent libssh security update in unstable to land in trixie.
[ Reason ]
That fixes a bunch of CVEs (https://bugs.debian.org/1108407,
https://www.libssh.org/2025/06/24/libssh-0-11-2-security-and-bugfix-release/),
plus some good fixes and minor cmake build system cleanups.
[ Impact ]
No API/ABI changes, so this does not affect other packages.
[ Tests ]
The less obvious upstream changes have unit tests, e.g.
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=3443aec90188d
The more obvious or "shallow but mass-scale" changes don't, e.g.
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=6ddb730a273 or
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=697650caa97
However, there were about 6 reverse-dependency autopkgtests and they all
passed. Unfortunately, they disappear from
https://qa.debian.org/excuses.php?package=libssh after passing; I don't know
how to get that list now. But I saw the "in progress" ones yesterday.
[ Risks ]
There are numerous changes, and while I reviewed them, they are not 100% risk
free due to sheer size. However, I have some trust in the revdeps autopkgtests.
[ Checklist ]
[x] all security relevant changes are documented in the d/changelog; I didn't
enumerate the bug fixes
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
I attach the debdiff as a formality, but it's much easier and more useful to
review the individual upstream commits. They can be seen here:
https://git.libssh.org/projects/libssh.git/log/?h=stable-0.11 all the commits
that were made in the recent days, up to the (previous) libssh-0.11.1 tag.
Thanks,
Martin
Attachment:
libssh_0.11.1-2_0.11.2-1.debdiff.gz
Description: application/gzip