-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 28 Aug 2021 13:52:11 +0200 Source: libssh Binary: libssh-4 libssh-4-dbgsym libssh-dev libssh-gcrypt-4 libssh-gcrypt-4-dbgsym libssh-gcrypt-dev Architecture: arm64 Version: 0.9.5-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: arm Build Daemon (arm-ubc-01) Changed-By: Martin Pitt Description: libssh-4 - tiny C SSH library (OpenSSL flavor) libssh-dev - tiny C SSH library - Development files (OpenSSL flavor) libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor) libssh-gcrypt-dev - tiny C SSH library - Development files (gcrypt flavor) Closes: 993046 Changes: libssh (0.9.5-1+deb11u1) bullseye-security; urgency=high . * dh-gex: Avoid memory leaks. Add 0001-dh-gex-Avoid-memory-leaks.patch: Backported from upstream 0.9.6 release. * Fix handshake bug with AEAD ciphers and no HMAC overlap. Add 0002-Fix-handshake-bug-with-AEAD-ciphers-and-no-HMAC-over.patch and 0003-Add-initial-server-algorithm-test-for-no-HMAC-overla.patch: Backport fix and test from upstream 0.9.6 release. * Create a separate length for session_id. Add 0004-CVE-2021-3634-Create-a-separate-length-for-session_i.patch and 0005-tests-Simple-reproducer-for-rekeying-with-different-.patch: Backport fix and test from upstream 0.9.6 release. CVE-2021-3634 (Closes: #993046) Checksums-Sha1: c040c28af1512501e4bb9d047efae706fa5d8e6e 477544 libssh-4-dbgsym_0.9.5-1+deb11u1_arm64.deb 18f30973728790fd1e4ee1813a2f6fc83f64866e 174832 libssh-4_0.9.5-1+deb11u1_arm64.deb 2370574878c1388ac334dcb24a035b7ddf133ff3 232852 libssh-dev_0.9.5-1+deb11u1_arm64.deb 4535f76a6e2e7b72fd9e3c782571d3cbd81dfa0a 517288 libssh-gcrypt-4-dbgsym_0.9.5-1+deb11u1_arm64.deb d6fa6fbe88dd16a26c2017a0c1b61c99918d13da 206292 libssh-gcrypt-4_0.9.5-1+deb11u1_arm64.deb 112e1ab484e450b0ce4e4affec3ae63c069b6406 267840 libssh-gcrypt-dev_0.9.5-1+deb11u1_arm64.deb 359492b7c747b15c48a34dcfae34cef8ec925653 8867 libssh_0.9.5-1+deb11u1_arm64-buildd.buildinfo Checksums-Sha256: 9763ddeb18c1f3d1850e9b84260fb413a8917ac989b1bae7b866c73df970439e 477544 libssh-4-dbgsym_0.9.5-1+deb11u1_arm64.deb 1abddac93dc9262a2670ead59aaddf73c60d8083e6a07adbf9d63a1149191bef 174832 libssh-4_0.9.5-1+deb11u1_arm64.deb 015e33eff6a41e9adca75a56189c76ff9eaa5d663077ee8e99676f9e7fdd22e9 232852 libssh-dev_0.9.5-1+deb11u1_arm64.deb 2179674f3b4bacda63c7e5465633fe24d0ebcbdab6f8bc74e521fc5cd6e5bbed 517288 libssh-gcrypt-4-dbgsym_0.9.5-1+deb11u1_arm64.deb ab5a221194b84dbbb75961555efd98eca8d84d568a15dd971a8c5579c0c4d9dd 206292 libssh-gcrypt-4_0.9.5-1+deb11u1_arm64.deb afd26ac0b0bf871a650ecefc1e167219605cba8ccce4e98c9db9d219eea4b0b2 267840 libssh-gcrypt-dev_0.9.5-1+deb11u1_arm64.deb 228c41911fc7b460ee1d122e39ee16ea9272777ce5cdf9651664522b0916e39a 8867 libssh_0.9.5-1+deb11u1_arm64-buildd.buildinfo Files: 6f310dbad7a0df7aada121067ada84d7 477544 debug optional libssh-4-dbgsym_0.9.5-1+deb11u1_arm64.deb e6586dbf7da8acf13d141933887ca294 174832 libs optional libssh-4_0.9.5-1+deb11u1_arm64.deb 3355aaabd729564cabe79c821bed0b92 232852 libdevel optional libssh-dev_0.9.5-1+deb11u1_arm64.deb 236aa4113747d2ec1c0c28b34d236ac3 517288 debug optional libssh-gcrypt-4-dbgsym_0.9.5-1+deb11u1_arm64.deb 91f089c39af6a1eca6f4c33ec7bdf836 206292 libs optional libssh-gcrypt-4_0.9.5-1+deb11u1_arm64.deb ddff403e942281a924142e6cdb58f92e 267840 libdevel optional libssh-gcrypt-dev_0.9.5-1+deb11u1_arm64.deb eb38bf618f079fab5fd76e0a909262ef 8867 libs optional libssh_0.9.5-1+deb11u1_arm64-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEc2cgFYxhp20u3o8+v4mxSX2cjm4FAmEsWgsACgkQv4mxSX2c jm6pjRAAie2Sy6PipQyhEpix5V+t8Cz3piavDfz57pfm1teizMkwe8xq7eZqYwa1 4pm40/Zcn9QCSd624lYclwlN9vREv7/OverGS1/MFgZ+gFWAP2rA2cjUvI7+JnFI ycbLqGiHX5yTwY2O9GFHTIxPy/mw5pxKd+VWTdwDClBVmyz+4SZYfqmm3h9C3MXe EEL8AetaQwCkxkmdLWsbLQsaCIUzbNYPqVX5NQPyw7KjEjycjCSTK6UCIxubijAl dhshzN4RybDgtMuWuQ+995kkCqotUOUmUkuKDvWDcu8UkpiSYrkzvYlxvSHNVJKG VB8VSh9E+S/YGDEvVzni2RnQlw3q7QVl6OgFo6ijbjBALlumP9v4Ez6rCuTxxjM3 8lfwKZA7NBIU1qkVlDoUKmg9Z6a179MYNyN729XgCvzJJ3Je4z1bvWyRhgbwMBY5 DuqHVA2AgvTJQ4pQvtM3rjYslnF6PWsFzDEG5yNYiVcOCOlD05zEm3UM8jdL6Xgu izwU0QekBQ+OzaB5LZvZj/J1mOECWgNI86QsDKiONAZGx0iV7xcKhIpEnZa951mO 3jg9EVY0LuI7nNPh3OmKK9BV6vEt53nDZfwnnxQcliLQ0G2vZs1ILDRwq9xQeLR1 bW7BI3050miokOqFlvIxgJfC35NVfmyMz8LTo2uGzy57JWO+f3I= =sN1f -----END PGP SIGNATURE-----