Bug#1121480: bookworm-pu: package libssh/0.10.6-0+deb12u2

To: Salvatore Bonaccorso <carnil@debian.org>, 1121480@bugs.debian.org
Cc: Martin Pitt <mpitt@debian.org>, team@security.debian.org
Subject: Bug#1121480: bookworm-pu: package libssh/0.10.6-0+deb12u2
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Sun, 30 Nov 2025 09:40:03 +0100
Message-id: <[🔎] fc166fb9-f6f6-4bcc-a7bc-deffd3f42698@debian.org>
Reply-to: Emilio Pozuelo Monfort <pochu@debian.org>, 1121480@bugs.debian.org
In-reply-to: <[🔎] aSmkKJQr7zB0HI0Y@eldamar.lan>
References: <[🔎] 176423455487.458821.6462023078402598665.reportbug@kamino> <[🔎] aShYBECTTh6Dr8mH@eldamar.lan> <[🔎] 176423455487.458821.6462023078402598665.reportbug@kamino> <[🔎] b66178e4-ea69-4512-bb8a-2ef53d3dc403@debian.org> <[🔎] aSmkKJQr7zB0HI0Y@eldamar.lan> <[🔎] 176423455487.458821.6462023078402598665.reportbug@kamino>

On 28/11/2025 14:31, Salvatore Bonaccorso wrote:

Hi Emilio,

On Thu, Nov 27, 2025 at 03:01:38PM +0100, Emilio Pozuelo Monfort wrote:

On 27/11/2025 14:54, Salvatore Bonaccorso wrote:

Hi Emilio,

On Thu, Nov 27, 2025 at 10:09:14AM +0100, Emilio Pozuelo Monfort wrote:

Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: libssh@packages.debian.org
Control: affects -1 + src:libssh
User: release.debian.org@packages.debian.org
Usertags: pu

[ Reason ]
This update fixes various CVEs of minor severity, tagged <no-dsa> by
the Security Team.

[ Impact ]
If this isn't approved, various (minor) client-side security issues will
be left unfixed.

[ Tests ]
Build tests, autopkgtests, rdeps autopkgtest (thanks to debusine, see [1]).
Verified that the cryptsetup/amd64 failure is not a regression (fails with
deb12u1 too), probably due to lack of permissions on the runner.

Some manual tests as well with libssh rdeps.

[ Risks ]
Risk is small as the patches were easy to backport, and due to the tests.

[ Checklist ]
    [x] *all* changes are documented in the d/changelog
    [x] I reviewed all changes and I approve them
    [x] attach debdiff against the package in (old)stable
    [x] the issue is verified as fixed in unstable

[ Other ]
I have already uploaded the package to oldstable-new.


I noticed there is already the upload from Martin Pitt here:

https://release.debian.org/proposed-updates/bookworm_diffs/libssh_0.10.6-0+deb12u2.debdiff

but I did not found a corresponding release.d.o bug for it. Should
that one be rejected in favour of yours as you have two more patches
applied?


Oh, that wasn't on the git repository (only the patches, not the changelog
bump / upload), so I missed it. Yes, I think it'd be easiest to reject that
so that I can re-upload the proposed debdiff.


yes I think that would make sense. Thank you!


Adam rejected the old version, and I have uploaded the new one into oldstable-new.

Cheers,
Emilio

Reply to:

References:
- Bug#1121480: bookworm-pu: package libssh/0.10.6-0+deb12u2
  - From: Emilio Pozuelo Monfort <pochu@debian.org>
- Bug#1121480: bookworm-pu: package libssh/0.10.6-0+deb12u2
  - From: Salvatore Bonaccorso <carnil@debian.org>
- Bug#1121480: bookworm-pu: package libssh/0.10.6-0+deb12u2
  - From: Emilio Pozuelo Monfort <pochu@debian.org>
- Bug#1121480: bookworm-pu: package libssh/0.10.6-0+deb12u2
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Processed: Re: Bug#1121635: trixie-pu: package pitivi/2023.03-2
Next by Date: Bug#1121012: transition: numerical stack scotch to petsc
Previous by thread: Bug#1121480: bookworm-pu: package libssh/0.10.6-0+deb12u2
Next by thread: Bug#1121534: trixie-pu: package libvirt/11.3.0-3+deb13u2
Index(es):
- Date
- Thread