Format: 1.8
Date: Wed, 26 Nov 2025 10:29:30 +0100
Source: libssh
Binary: libssh-4 libssh-4-dbgsym libssh-dev libssh-gcrypt-4 libssh-gcrypt-4-dbgsym libssh-gcrypt-dev
Architecture: amd64
Version: 0.10.6-0+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: amd64 Build Daemon (x86-grnet-01)
Changed-By: Emilio Pozuelo Monfort
Description:
 libssh-4 - tiny C SSH library (OpenSSL flavor)
 libssh-dev - tiny C SSH library - Development files (OpenSSL flavor)
 libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor)
 libssh-gcrypt-dev - tiny C SSH library - Development files (gcrypt flavor)
Closes: 1108407
Changes:
 libssh (0.10.6-0+deb12u2) bookworm; urgency=medium
 .
   [ Martin Pitt ]
   * stable-security → bookworm-security
   * Backport security patches from 0.11.2.
     - CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions
     - CVE-2025-4878: Use of uninitialized variable in privatekey_from_file()
     - CVE-2025-5318: Likely read beyond bounds in sftp server handle management
     - CVE-2025-5351: Double free in functions exporting keys
     - CVE-2025-5372: ssh_kdf() returns a success code on certain failures
     - CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend
     https://www.libssh.org/2025/06/24/libssh-0-11-2-security-and-bugfix-release/
     (Closes: #1108407)
 .
   [ Emilio Pozuelo Monfort ]
   * Add patch for CVE-2025-8114
   * Add patches for CVE-2025-8277