-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 26 Nov 2025 10:29:30 +0100
Source: libssh
Binary: libssh-doc
Architecture: all
Version: 0.10.6-0+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) <buildd_amd64-x86-grnet-03@buildd.debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Description:
 libssh-doc - tiny C SSH library - Documentation files
Closes: 1108407
Changes:
 libssh (0.10.6-0+deb12u2) bookworm; urgency=medium
 .
   [ Martin Pitt ]
   * stable-security → bookworm-security
   * Backport security patches from 0.11.2.
      - CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions
      - CVE-2025-4878: Use of uninitialized variable in privatekey_from_file()
      - CVE-2025-5318: Likely read beyond bounds in sftp server handle management
      - CVE-2025-5351: Double free in functions exporting keys
      - CVE-2025-5372: ssh_kdf() returns a success code on certain failures
      - CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend
     https://www.libssh.org/2025/06/24/libssh-0-11-2-security-and-bugfix-release/
     (Closes: #1108407)
 .
   [ Emilio Pozuelo Monfort ]
   * Add patch for CVE-2025-8114
   * Add patches for CVE-2025-8277
Checksums-Sha1:
 c5a03a5c9a221d5631ee9ecb0064ee8deea09489 9240028 libssh-doc_0.10.6-0+deb12u2_all.deb
 cfb9a74abc436a1b2bbb3803bd9d2b164475a866 10152 libssh_0.10.6-0+deb12u2_all-buildd.buildinfo
Checksums-Sha256:
 ce5fd3522349bad096684572913be6d5b4ab4d8d1aac2c9560f091e9d2b4cb22 9240028 libssh-doc_0.10.6-0+deb12u2_all.deb
 6c6e4ad97a09330e6b5b6f54f3f2df43006079c1bfcd08da5e080093798c1aa3 10152 libssh_0.10.6-0+deb12u2_all-buildd.buildinfo
Files:
 3438609ad2c43388443958dd51ed2dd4 9240028 doc optional libssh-doc_0.10.6-0+deb12u2_all.deb
 f125803d92461c81a7b91ecd2846359c 10152 libs optional libssh_0.10.6-0+deb12u2_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEHqtYLkdKRyCY94K8fUw6/tXbAmMFAmk0G9YACgkQfUw6/tXb
AmOn2g//ZQ2E91afqLCB1/tKBdXTJ08BIihu7BsYsMm3T6IHW9f3F6rK04Su9+20
xLd4PO9QN51VJJu5XN28vFWpRw/zEGPLR4DhowbvdtvwktlyQJFKv3mZiK71tWNS
KgnkhWVo7wrx2ylokruwVL5TkNsEouozmrVnIGnfkusJDeVS3VnoUqpQMxlpKtm2
UTQgxhlt6KNB42ICq9MC11+z6cb4mHuNUcvH/pOqWsJNAWDOR5D29/u9ejbqxe2O
BDsvR6qPQ12JhWItXxHjUF0k398b46PlsYlPOrCvCXp49o3Vv05PZ238eurj0l4H
KRNyO2HDmjHJLd9zdixp3wMOgkqsPTvaB7f2ZmcRF4n/XQ9D4GVdhuBXircVtkWg
k3CZaEB129HwLCejVseUnaYy2zbG7/1d+3U89PtmWuJ9NEHvcYV4q7noe4yuViF7
GhmIwPml3STIHEmU2MOMFZAVWeaDVBJzQfoZLz4b9JWKhsT/nXvRjVbc6aZFY5vD
jLIKlAv9awSHRvi114xdk/A40hy9HQTBmAnzaSn72MQT/F3e1ez/xeqn4N1Sn8Tn
I++oj1I5/kuzw3QANU2SKPMNh31fIk1tbNtgc6DeTvnO/VyMP7oH2oPsgZVwjU86
+t0oAgbZDiP6b7NomqxwY2cfhitM4900yCOO55Mw1YDFo+7prGg=
=riMK
-----END PGP SIGNATURE-----