-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 28 Aug 2021 13:52:11 +0200 Source: libssh Binary: libssh-4 libssh-4-dbgsym libssh-dev libssh-gcrypt-4 libssh-gcrypt-4-dbgsym libssh-gcrypt-dev Architecture: amd64 Version: 0.9.5-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-csail-01) Changed-By: Martin Pitt Description: libssh-4 - tiny C SSH library (OpenSSL flavor) libssh-dev - tiny C SSH library - Development files (OpenSSL flavor) libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor) libssh-gcrypt-dev - tiny C SSH library - Development files (gcrypt flavor) Closes: 993046 Changes: libssh (0.9.5-1+deb11u1) bullseye-security; urgency=high . * dh-gex: Avoid memory leaks. Add 0001-dh-gex-Avoid-memory-leaks.patch: Backported from upstream 0.9.6 release. * Fix handshake bug with AEAD ciphers and no HMAC overlap. Add 0002-Fix-handshake-bug-with-AEAD-ciphers-and-no-HMAC-over.patch and 0003-Add-initial-server-algorithm-test-for-no-HMAC-overla.patch: Backport fix and test from upstream 0.9.6 release. * Create a separate length for session_id. Add 0004-CVE-2021-3634-Create-a-separate-length-for-session_i.patch and 0005-tests-Simple-reproducer-for-rekeying-with-different-.patch: Backport fix and test from upstream 0.9.6 release. CVE-2021-3634 (Closes: #993046) Checksums-Sha1: 27cd06dbd46e0290f9d6f7c83fc150f7202b668d 471764 libssh-4-dbgsym_0.9.5-1+deb11u1_amd64.deb 6a6802d4a6b6507beb443530de963c312c87d7dc 186160 libssh-4_0.9.5-1+deb11u1_amd64.deb 7c89c4f7a70995c7d172cb88a9635f9a903f86d9 234560 libssh-dev_0.9.5-1+deb11u1_amd64.deb 4a608bb7d5ec56a994261f163d1cd541be459e4b 511692 libssh-gcrypt-4-dbgsym_0.9.5-1+deb11u1_amd64.deb fa3baa67f28a58cdd377077a03855e3f079806e9 218124 libssh-gcrypt-4_0.9.5-1+deb11u1_amd64.deb 330b26fb3ef9d914389e3e4007ae94856a6617ee 269216 libssh-gcrypt-dev_0.9.5-1+deb11u1_amd64.deb fc04e90349b555327ced1ce0de985b6dedee0eb8 8919 libssh_0.9.5-1+deb11u1_amd64-buildd.buildinfo Checksums-Sha256: 5e02218776454f719ec6ee2f2574f64d28adb4a57e8c7fed371f7de8789f64f0 471764 libssh-4-dbgsym_0.9.5-1+deb11u1_amd64.deb 75d04fac5fbea0f4c1f047198122e26aa26f4267de0a3c079c44100b3ea9066f 186160 libssh-4_0.9.5-1+deb11u1_amd64.deb 79fffa2154a2b2afb6f8871316dc0438bd4b3fab3287731e31355ac661c30138 234560 libssh-dev_0.9.5-1+deb11u1_amd64.deb 576aa9fd2f26c464ccb44a10420a7e0286c6352bc6ff8574204883e7b7f63808 511692 libssh-gcrypt-4-dbgsym_0.9.5-1+deb11u1_amd64.deb 47f4011e5220f319cf5c0fde69d7b466afac1be7c8030dc10fad9b147af6973f 218124 libssh-gcrypt-4_0.9.5-1+deb11u1_amd64.deb 8bff44e254e67efc0725981dd0ea21329268f54b939cfe378381c1d517951b05 269216 libssh-gcrypt-dev_0.9.5-1+deb11u1_amd64.deb 9ac3e253fdc7efb834a06f97242f330f6c49d9ad05d67191cb2c5f95077e5674 8919 libssh_0.9.5-1+deb11u1_amd64-buildd.buildinfo Files: cb675c7f892ef4e16986fbc3e1a3e0ca 471764 debug optional libssh-4-dbgsym_0.9.5-1+deb11u1_amd64.deb 5da39a908c97666b415aabf56b34cc61 186160 libs optional libssh-4_0.9.5-1+deb11u1_amd64.deb eec16b8d23f05dafdee13b32be370f4c 234560 libdevel optional libssh-dev_0.9.5-1+deb11u1_amd64.deb 167d0a05388e12564c29533c460c609a 511692 debug optional libssh-gcrypt-4-dbgsym_0.9.5-1+deb11u1_amd64.deb e328fe423f4ba6be7d55af47b5f7aa3b 218124 libs optional libssh-gcrypt-4_0.9.5-1+deb11u1_amd64.deb 2a198bf20230568c659d164c54b16332 269216 libdevel optional libssh-gcrypt-dev_0.9.5-1+deb11u1_amd64.deb fbb088767a2873362869ad53c53e0bf9 8919 libs optional libssh_0.9.5-1+deb11u1_amd64-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEgTtIulJqCiUOC8/RqX+JKfZgT24FAmEsWhkACgkQqX+JKfZg T26mwg/8CEsMjIBgIz3t8vKEdr/f+DHgG+RrGJgDgpStH/Efvl3BLhXHVHQ9eCtm QYYWcaWe/Zyjw7PZjh/g5+jm978jvHElVN2rtD3bMPX546sKFgc2pRusjdm1TDNa A1XxJwY/ZbSHvurrECpG9z1UxUYCMupGJ+QqxBM/O9oZEJFnbF0ITZJmK7Ua1LXV 2HtfDMaSdZ/b9eW5FITkaBGPy29N8zPddIKR+fro3A4wWlE8WdRvyWYmBEu/GMLW A9sUTymbJNzk7VEbzKc0OGBNxz/OKqcdJ1GY8PoVKy87SN48emtSTltRXpptgb2+ o7sNVI9A1IilNWsG/KdIt1KIm9ZIZQvt4PREhped4UANStAFVpMTlvPSgxaBJDsa 6IgFAgOZTqk0R4TFRY9o1Q+P7ldjnyYZ2J3d0kpW55z3uebNZnDIVhHq6S9sTjXj IUfia7TQD5KU/zOgwhP/o44WEEQiUlEn46JElP1xbhm2IaMfGY6i014LQGNDb/NW gZxBP8mZ238gINwyhX9vhsYvGEmDXO5wwpCYhNXwx4Nu1K0BSRK5Q4e+eM0Oa4np 4OQVp6RhezEniTxo4AMjwUvXAwVlLI+xdgPHAEYxSg6Jp65bzBr4ndVUJIJN3K8Y I8rf21NJ8GYGFpnS40qPYEBjo2f8ErMqqvA577ZWU17J+Eyn/O8= =lF4Y -----END PGP SIGNATURE-----