-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 28 Aug 2021 13:52:11 +0200 Source: libssh Binary: libssh-4 libssh-4-dbgsym libssh-dev libssh-gcrypt-4 libssh-gcrypt-4-dbgsym libssh-gcrypt-dev Architecture: s390x Version: 0.9.5-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: s390x Build Daemon (zani) Changed-By: Martin Pitt Description: libssh-4 - tiny C SSH library (OpenSSL flavor) libssh-dev - tiny C SSH library - Development files (OpenSSL flavor) libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor) libssh-gcrypt-dev - tiny C SSH library - Development files (gcrypt flavor) Closes: 993046 Changes: libssh (0.9.5-1+deb11u1) bullseye-security; urgency=high . * dh-gex: Avoid memory leaks. Add 0001-dh-gex-Avoid-memory-leaks.patch: Backported from upstream 0.9.6 release. * Fix handshake bug with AEAD ciphers and no HMAC overlap. Add 0002-Fix-handshake-bug-with-AEAD-ciphers-and-no-HMAC-over.patch and 0003-Add-initial-server-algorithm-test-for-no-HMAC-overla.patch: Backport fix and test from upstream 0.9.6 release. * Create a separate length for session_id. Add 0004-CVE-2021-3634-Create-a-separate-length-for-session_i.patch and 0005-tests-Simple-reproducer-for-rekeying-with-different-.patch: Backport fix and test from upstream 0.9.6 release. CVE-2021-3634 (Closes: #993046) Checksums-Sha1: b0c3806e99e83537b5b1f1fc16a3b879dc173c59 476940 libssh-4-dbgsym_0.9.5-1+deb11u1_s390x.deb 71126c81d19cbe54df5c61b703e36b03f9feafc6 166796 libssh-4_0.9.5-1+deb11u1_s390x.deb 8bc1f725eb13d86ed91d237ab5ecbb245da938f8 219144 libssh-dev_0.9.5-1+deb11u1_s390x.deb 145ba8d8b546c9dd1c895309dbb9964330b88eca 516460 libssh-gcrypt-4-dbgsym_0.9.5-1+deb11u1_s390x.deb 4f4ac9896e9c51719c578d1142333b248224bd4a 198056 libssh-gcrypt-4_0.9.5-1+deb11u1_s390x.deb d3c43337575aca4980fe5a39383cb87446f7fe82 253712 libssh-gcrypt-dev_0.9.5-1+deb11u1_s390x.deb 573ce9b69a94642c8fb3073783df86d6d2d5d648 8855 libssh_0.9.5-1+deb11u1_s390x-buildd.buildinfo Checksums-Sha256: 788c9ed6ba216d923c685bf9d765a5bd664ff2a866f6e6a4247f5f6ee9f5d282 476940 libssh-4-dbgsym_0.9.5-1+deb11u1_s390x.deb 525bcfb9fb40409adcd0dcb3fa289dc94ba6b21b701acc08b7578727dd98a975 166796 libssh-4_0.9.5-1+deb11u1_s390x.deb 44084ff9449cba80b1e1122fb4e82b0ebc170965bbc0e46d0cce9f61d85d7556 219144 libssh-dev_0.9.5-1+deb11u1_s390x.deb 315c08269d1f27015df7241221d4caa0d89a59a0148b61e2e0c805766d4142a8 516460 libssh-gcrypt-4-dbgsym_0.9.5-1+deb11u1_s390x.deb 4ad511d1ee4c3a773bd81d07d1b17315bd206ac2204d1093f2b36dec95219d5b 198056 libssh-gcrypt-4_0.9.5-1+deb11u1_s390x.deb f99303cafb67ae45b4e7cf1d4887c2d05c805229898f2bd5daebbf5f44f003ba 253712 libssh-gcrypt-dev_0.9.5-1+deb11u1_s390x.deb c64783cc5b103c59b2a685124c9458aa60532697a2492ca67dcb9929545a8f18 8855 libssh_0.9.5-1+deb11u1_s390x-buildd.buildinfo Files: f9f3a8e7089035ca230ff769c93ea967 476940 debug optional libssh-4-dbgsym_0.9.5-1+deb11u1_s390x.deb 7f5bf590d983d8b20e86b2beef49eb92 166796 libs optional libssh-4_0.9.5-1+deb11u1_s390x.deb e394ea6244c2026eff2de18fd7f7a44b 219144 libdevel optional libssh-dev_0.9.5-1+deb11u1_s390x.deb d7c8ae8cc9120325c995f48d950df57a 516460 debug optional libssh-gcrypt-4-dbgsym_0.9.5-1+deb11u1_s390x.deb 2ea67dfa48528096a642e3ccb9aaef24 198056 libs optional libssh-gcrypt-4_0.9.5-1+deb11u1_s390x.deb 951e8a589869b794300b08d9a32f16ff 253712 libdevel optional libssh-gcrypt-dev_0.9.5-1+deb11u1_s390x.deb 29c8839814312d6c90a992fe2e18a031 8855 libs optional libssh_0.9.5-1+deb11u1_s390x-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEojOFpcHXAua7nE2yC6cttUtB7SYFAmEsWigACgkQC6cttUtB 7SZ6Rw//XfmyRVsZ0AF1DZPpEU9+agIt0AXh4HpSDEMxgUm+NeNyRs+iW08eaLUH 7Cwlcmlso+Q4chnOqI/CbVnt9uspv87DqsXMD5r8hIrzkpT+ZAidSYHQ7r4OHqsJ SfEPRV1riFndGtgY33GD5HwfQR1YSnqY8IiRpmIMCNswO5/iISQPQyEsSIHwtDWo ISpwYY+ZDlWKt8Rap9mr2CDaS19NfRS2HIb/nQV959SbDnLsG+246PNDlxIikHOM otKcGBFjMceOSv5gpevSv8sYQF0iSnvuLrLCWDAcfupG0LrteX65F9byN5K4pO8r GFZSLNL8sZ76/JSbWm7xpgafiBjVerk30mg5goCkGIhYZM4WEiqvYw06BobVUP4c XN+XHZxhhL4EggbvaAvyJNT/2344UWJjmhfJSsIwgx511Ga8mKdiwWZak2sDzcvA NlKkyC6xKXOHfK76BClsT+2n/wKSCvKuET5lWDCBkkUBNb5eSx6u7xsO7Q9GQ5AS 1+CyL4OUv46sOFONcvpE9Z3dEU1g5n8zbWktD1Al6ajmc2pbi5sUUTo9rRDYYo4Q zanxam7UK13kVCuFpoEYJOXY1OlFuALy/Ez2WSfHtJejjLKykq976CrWB3jxFj73 i33kharnqIUX7nyQHmEf/qnwR2Mtc7lRFYwFLBSUtCJliKOyK+4= =XXA0 -----END PGP SIGNATURE-----