-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 28 Aug 2021 13:52:11 +0200 Source: libssh Binary: libssh-4 libssh-4-dbgsym libssh-dev libssh-gcrypt-4 libssh-gcrypt-4-dbgsym libssh-gcrypt-dev Architecture: i386 Version: 0.9.5-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Martin Pitt Description: libssh-4 - tiny C SSH library (OpenSSL flavor) libssh-dev - tiny C SSH library - Development files (OpenSSL flavor) libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor) libssh-gcrypt-dev - tiny C SSH library - Development files (gcrypt flavor) Closes: 993046 Changes: libssh (0.9.5-1+deb11u1) bullseye-security; urgency=high . * dh-gex: Avoid memory leaks. Add 0001-dh-gex-Avoid-memory-leaks.patch: Backported from upstream 0.9.6 release. * Fix handshake bug with AEAD ciphers and no HMAC overlap. Add 0002-Fix-handshake-bug-with-AEAD-ciphers-and-no-HMAC-over.patch and 0003-Add-initial-server-algorithm-test-for-no-HMAC-overla.patch: Backport fix and test from upstream 0.9.6 release. * Create a separate length for session_id. Add 0004-CVE-2021-3634-Create-a-separate-length-for-session_i.patch and 0005-tests-Simple-reproducer-for-rekeying-with-different-.patch: Backport fix and test from upstream 0.9.6 release. CVE-2021-3634 (Closes: #993046) Checksums-Sha1: b27edf96bcdf8de7b4eff8b7ed19470351d9d196 390260 libssh-4-dbgsym_0.9.5-1+deb11u1_i386.deb e10556401109ed32052c12b98d3443178ee93333 203708 libssh-4_0.9.5-1+deb11u1_i386.deb fcce583c0f1fc6da001fc028ea5f7ffbed72a050 257016 libssh-dev_0.9.5-1+deb11u1_i386.deb 269d468c25979504d21132ec3193fce68ce42519 425300 libssh-gcrypt-4-dbgsym_0.9.5-1+deb11u1_i386.deb daca42c242b989ff9bccd494484048981d2ad740 236344 libssh-gcrypt-4_0.9.5-1+deb11u1_i386.deb e8d43f904e768e737ffc89a56052df38f3cc0930 292660 libssh-gcrypt-dev_0.9.5-1+deb11u1_i386.deb 4ff192a4c382392a1c23ac495d37821137c455ed 8862 libssh_0.9.5-1+deb11u1_i386-buildd.buildinfo Checksums-Sha256: 60a3096ec1abcbe1516688cd0ef34963c6d93629b21f45ea61568cde19ce337f 390260 libssh-4-dbgsym_0.9.5-1+deb11u1_i386.deb dd56a3d4074f529651878fd492170cab2f580d5352f89968e9c8e2682c5daec1 203708 libssh-4_0.9.5-1+deb11u1_i386.deb eaa7b7bddffbdc99b2cb479e31fe3757ddd822bcaa593bd73de2a60bb646aff4 257016 libssh-dev_0.9.5-1+deb11u1_i386.deb 5f23c0d4f3dd74b1f2ecc9a77321a5fd748d26c851e518af2f3e6ea72a966e55 425300 libssh-gcrypt-4-dbgsym_0.9.5-1+deb11u1_i386.deb 96d2c0844cbeab08a90564942cb1dcfb756ae204536ca746b24b1938117fdc88 236344 libssh-gcrypt-4_0.9.5-1+deb11u1_i386.deb edc069c3189c1a7dd9e8057edee237ad75ce9bd5209aff0634b106579b2483b9 292660 libssh-gcrypt-dev_0.9.5-1+deb11u1_i386.deb 5b71d927d53216e285b5357bab384a1347f0708c82b0073aaac8b7009edb9c14 8862 libssh_0.9.5-1+deb11u1_i386-buildd.buildinfo Files: 013bed8e0d21f5815d3bd7dee42cb96f 390260 debug optional libssh-4-dbgsym_0.9.5-1+deb11u1_i386.deb 3072de91d171201f1fe8cda0ff84ba97 203708 libs optional libssh-4_0.9.5-1+deb11u1_i386.deb 3a5a42d9238e591cbcd7478f61004fd5 257016 libdevel optional libssh-dev_0.9.5-1+deb11u1_i386.deb c338aa906dda66300d001286c311ac25 425300 debug optional libssh-gcrypt-4-dbgsym_0.9.5-1+deb11u1_i386.deb e245b26a5b1b238d363e84a833b610a3 236344 libs optional libssh-gcrypt-4_0.9.5-1+deb11u1_i386.deb 21724c9b8422af4506a7fd785ee584ba 292660 libdevel optional libssh-gcrypt-dev_0.9.5-1+deb11u1_i386.deb 08e7b01f13a647cc8560b492064b6dd4 8862 libs optional libssh_0.9.5-1+deb11u1_i386-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEeShLnnjT5e2dm1q4H4Xht4aLclgFAmEsWd0ACgkQH4Xht4aL clizcBAApNTY6JFddMvxWXvgaJzT64H822po17Y6eesDCu8R+TrWnRY0z6kpqtou YKBZZI3paxd/FosafgQG/iz45C9TqnaNaos0QlWAHKb81vMsJwLEbzI0xANTrIlP Ljm8gQo7XMcrowDEdYySlLDDNaAYLMUND7WHcGhK4wLWl8f1F0E4SOS/bsd4765s 4Gc62KgttDKiW7+lpksaXGCGskpGo908IO6EIIIx0thbVB3I3o7XOatAKBw3IlJ8 33egzYAkMST9bs4QksuE6G05c8OynZCHHrsx1RNHtiJXAZohMkrYOuQ+DX+1S1VC gYAn6VRmKI1Om8f8f52czBbcJs3NQPymsTltMa+XU5Uo8AgnFE3rzRLTTCxB4Ok3 neeNpjzj3ClVzkelkMsJZZeaP3dFGaI27HIZzzVbqa7ZRud2gchQFABG9sMe00WM PG19HqU8ouaxjwSGSu9QEsxgKDEoOMX6KGGfZ+y4dLEAwh+UHO4X1zTg2Ok5W2dc 9sSyKMQTYVQuLEgw+vN8d+QjgOh3RjepBeni67GTj8jef3N77FQAXjUJVNHRcGHc ClnyMXwoQqnILXuH7Y7r0+mLHJ9tJgXu5R5oL7RGV6rH6DG1reomlayyXYJHNHMg vBjG3I4R843QCsNriLzdfQVPEbxL7M1qBYmXJzdW9xJm8uzPGMQ= =5A4u -----END PGP SIGNATURE-----