-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 26 Nov 2025 10:29:30 +0100 Source: libssh Binary: libssh-4 libssh-4-dbgsym libssh-dev libssh-gcrypt-4 libssh-gcrypt-4-dbgsym libssh-gcrypt-dev Architecture: s390x Version: 0.10.6-0+deb12u2 Distribution: bookworm Urgency: medium Maintainer: s390x Build Daemon (zandonai) Changed-By: Emilio Pozuelo Monfort Description: libssh-4 - tiny C SSH library (OpenSSL flavor) libssh-dev - tiny C SSH library - Development files (OpenSSL flavor) libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor) libssh-gcrypt-dev - tiny C SSH library - Development files (gcrypt flavor) Closes: 1108407 Changes: libssh (0.10.6-0+deb12u2) bookworm; urgency=medium . [ Martin Pitt ] * stable-security → bookworm-security * Backport security patches from 0.11.2. - CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions - CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() - CVE-2025-5318: Likely read beyond bounds in sftp server handle management - CVE-2025-5351: Double free in functions exporting keys - CVE-2025-5372: ssh_kdf() returns a success code on certain failures - CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend https://www.libssh.org/2025/06/24/libssh-0-11-2-security-and-bugfix-release/ (Closes: #1108407) . [ Emilio Pozuelo Monfort ] * Add patch for CVE-2025-8114 * Add patches for CVE-2025-8277 Checksums-Sha1: fdca21974667deaee799143274d4b024288551d5 495764 libssh-4-dbgsym_0.10.6-0+deb12u2_s390x.deb 1cbf0b49feb797850abca03c3151a59a896d1474 169444 libssh-4_0.10.6-0+deb12u2_s390x.deb b28c6bec50565b0a65f891430f2f71c522022b36 222560 libssh-dev_0.10.6-0+deb12u2_s390x.deb c4700cc6241c32dc12760ef0e94fb1454100aa64 528220 libssh-gcrypt-4-dbgsym_0.10.6-0+deb12u2_s390x.deb accea8e497075eeb86619b24053882a228324542 198524 libssh-gcrypt-4_0.10.6-0+deb12u2_s390x.deb 83ad5cb23b650e75492ef014dc19fdaf492f6058 254364 libssh-gcrypt-dev_0.10.6-0+deb12u2_s390x.deb 15396b9c31767ffb2f5bc85c30d32338abdcf4f3 9509 libssh_0.10.6-0+deb12u2_s390x-buildd.buildinfo Checksums-Sha256: dd4ee80cf7158eb4b38d1f024a6d956e84475c7ded6dc9bd7c5b970da01edf3c 495764 libssh-4-dbgsym_0.10.6-0+deb12u2_s390x.deb 261463f410965da31781229b7fc3a1f6661793513c70b9302e85614e183c7f6b 169444 libssh-4_0.10.6-0+deb12u2_s390x.deb cacf38f20762c948441befd40011239aae2d97272ae0fef6a70cb7adecececa6 222560 libssh-dev_0.10.6-0+deb12u2_s390x.deb 8b5e009ce03de15b4be7a6e6c171c8efc5d32fbb5b852060d2aabf0c33fa9d5c 528220 libssh-gcrypt-4-dbgsym_0.10.6-0+deb12u2_s390x.deb 9b555577fd6fad0defa8130cead5da4ab6c9cf94eaa875f3dc849ef24154a922 198524 libssh-gcrypt-4_0.10.6-0+deb12u2_s390x.deb 8c2062bb5e30de5a2400787c7d25e737043378868853d0c67681b709a3e47036 254364 libssh-gcrypt-dev_0.10.6-0+deb12u2_s390x.deb d289e3494a40b0a07ae9e2f51fe42bfaee0c649e0781a1116f4f682e54aac13e 9509 libssh_0.10.6-0+deb12u2_s390x-buildd.buildinfo Files: 8949cc4f659df04524204a684efcb896 495764 debug optional libssh-4-dbgsym_0.10.6-0+deb12u2_s390x.deb bfc4c485a536918afc948fe3f7d287a2 169444 libs optional libssh-4_0.10.6-0+deb12u2_s390x.deb 78aabd027296efa646ad6d95e1e05a15 222560 libdevel optional libssh-dev_0.10.6-0+deb12u2_s390x.deb 10215788c9b99072a74e6eb9ec0bdff1 528220 debug optional libssh-gcrypt-4-dbgsym_0.10.6-0+deb12u2_s390x.deb 8ed7534a6ec79abaa00eab6c472ff48b 198524 libs optional libssh-gcrypt-4_0.10.6-0+deb12u2_s390x.deb 23e3b34768335a1f7770a725d68edd50 254364 libdevel optional libssh-gcrypt-dev_0.10.6-0+deb12u2_s390x.deb b25b535f63d3a53408a72fd0251adc3d 9509 libs optional libssh_0.10.6-0+deb12u2_s390x-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEENly2ANlpa4eeqnluvVOPI7pYNpgFAmk0IK0ACgkQvVOPI7pY NpgZrg//abRzjwH5BLhiAzJKU8ytxSQIi9QH4xiHKsIqF567AeCtWn+sybuIQ0TU x/ks4HsIhntT2aR7Kn/WEzz0jDXV/XkzkNs6vBY6GQgReTD2JUrdwZZDIHnoZ8gf nZJGv7OAgmr7L9Kep+5WBl3qp2Z7rpp0pEb7TDkU5ihfQVuj/31We6+whD3vHhXN KpCZ7cPQ16J2nOJ/xVrliTD/T/Ty1k4q8v/ucZauMl33nxa1sEM1GXs70CZuxCcJ VKaxXB7g3fSR41PPH1tFpxXwVs5M4zzV8gw6uJOgtUKl+8oxWLtKR2zejGBWJVRw TCA3MGEf+zvQyRoDrn7UEpYs62aJojJjnGhJCfUYUUzPWgaqOMMGOx8N4mQn9REA S3hBFrvIvhi0A1lrWhDFJfg/9m9yL8V6IeMMc7NALoZ7ix5jJlm0ALriIeSkLiU6 I/ML0yjuI/5n7aC6yoU5ViyyMK/K6zFHIWD1NdZxNxKdQ/QBd5vES4QFD6+r6Nan FYBerpDmjBdGAcTda84mwFyA9SvfmQydsZYcWv118ZfOJwfWPR3yenVKC+oL+uJ+ PLBmyQ/FAKh3w0Oe3EYYlNzvpvj5TI3ECyY/RcnTT9p+99N792DhrxTAosTOYjWl 6gH6iXaiBL9cGg17KFgQeqwGkBnOnU9PJLE5Y5qOGdWbJye0dmo= =9F3Y -----END PGP SIGNATURE-----