-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 21 May 2023 18:22:05 +0000
Source: libssh
Binary: libssh-4 libssh-4-dbgsym libssh-dev libssh-gcrypt-4 libssh-gcrypt-4-dbgsym libssh-gcrypt-dev
Architecture: amd64
Version: 0.9.7-0+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) <buildd_amd64-x86-ubc-01@buildd.debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description:
 libssh-4   - tiny C SSH library (OpenSSL flavor)
 libssh-dev - tiny C SSH library - Development files (OpenSSL flavor)
 libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor)
 libssh-gcrypt-dev - tiny C SSH library - Development files (gcrypt flavor)
Closes: 1035832
Changes:
 libssh (0.9.7-0+deb11u1) bullseye-security; urgency=medium
 .
   * New upstream security microrelease:
     - CVE-2023-1667: Authenticated remote DoS.
       Fix authenticated remote DoS through potential NULL dereference during
       rekeying with algorithm guessing
       https://www.libssh.org/security/advisories/CVE-2023-1667.txt
     - CVE-2023-2283: Client authentication bypass.
       Fix client authentication bypass in pki_verify_data_signature() in
       low-memory conditions with OpenSSL backend; gcrypt backend is not
       affected.
       https://www.libssh.org/security/advisories/CVE-2023-2283.txt
       (Closes: #1035832)
   * Drop 000* patches which were backported from the upstream stable 0.9
     branch, now included in this release. Unfuzz 2004-install-static-lib.patch.
Checksums-Sha1:
 33aa5dcdf1a792f55ac5391b9b0ac3afb45f5762 474092 libssh-4-dbgsym_0.9.7-0+deb11u1_amd64.deb
 e2ed322de08ce15b1c4d82b73537c33617f1e9be 187944 libssh-4_0.9.7-0+deb11u1_amd64.deb
 d8f7ea6130a7342a135b8e627337aeb4843de4f0 236328 libssh-dev_0.9.7-0+deb11u1_amd64.deb
 2704cabf50f8edf7dbd583316c564182e6fad248 514392 libssh-gcrypt-4-dbgsym_0.9.7-0+deb11u1_amd64.deb
 6a35411fae503c718408f7e5ce0c0f5572e5924e 220004 libssh-gcrypt-4_0.9.7-0+deb11u1_amd64.deb
 3e46d7aa5d5b81f2ed062627a324dd945f6f3832 270704 libssh-gcrypt-dev_0.9.7-0+deb11u1_amd64.deb
 28d13e41e26a6b003f80bc8afb139fcab4cddd95 9447 libssh_0.9.7-0+deb11u1_amd64-buildd.buildinfo
Checksums-Sha256:
 e548aeeca9ee57d6d434bd385e198cc97937a1f75594231ed2be7d146ea9e60b 474092 libssh-4-dbgsym_0.9.7-0+deb11u1_amd64.deb
 8b93168832c06ed336d8d6d4b584a0c73438b377e82979092c325c28d60b7295 187944 libssh-4_0.9.7-0+deb11u1_amd64.deb
 fa51a4f43f45862109ffa37d5e47b644688fa691cf8c523f25b6286cfbb24e94 236328 libssh-dev_0.9.7-0+deb11u1_amd64.deb
 ac8ea9979d9a6e3c3f3d41af7389e37dac6d7336669ddaedfc82e07a14eb8c71 514392 libssh-gcrypt-4-dbgsym_0.9.7-0+deb11u1_amd64.deb
 af8fd030f664c18e77809c964c5d284fc108fc963fe453ec1a2ae51725671d0e 220004 libssh-gcrypt-4_0.9.7-0+deb11u1_amd64.deb
 f53047e9d441dfe92cdb25fc96a15cfc21369a2938359eb7cd815223579378c9 270704 libssh-gcrypt-dev_0.9.7-0+deb11u1_amd64.deb
 3814ee07aa4b6db157408a0ef481ed66e40270dec6ac3ca6837a53cb7c80574d 9447 libssh_0.9.7-0+deb11u1_amd64-buildd.buildinfo
Files:
 79d901da0235bdd361f41a1ee5926d52 474092 debug optional libssh-4-dbgsym_0.9.7-0+deb11u1_amd64.deb
 c2e3c1e44c5a84d56f1e4392518535d9 187944 libs optional libssh-4_0.9.7-0+deb11u1_amd64.deb
 77aff8f88cfa0e41f37a69218c65fef4 236328 libdevel optional libssh-dev_0.9.7-0+deb11u1_amd64.deb
 f28583878377251d7a8c39c970f6cd23 514392 debug optional libssh-gcrypt-4-dbgsym_0.9.7-0+deb11u1_amd64.deb
 cef90fbe8984939c1163fb822b6acbd9 220004 libs optional libssh-gcrypt-4_0.9.7-0+deb11u1_amd64.deb
 b224ad6e5a263172fd4a49b008d8b0a7 270704 libdevel optional libssh-gcrypt-dev_0.9.7-0+deb11u1_amd64.deb
 92901c4849f5c16879b7f42a1adbbda9 9447 libs optional libssh_0.9.7-0+deb11u1_amd64-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEETrPl0/PCLhhyzVa6pXKW7Jh8MpIFAmRqZ90ACgkQpXKW7Jh8
MpItbQ/9FYncOTFPY3D5XkdGNfFk+iK2TXGu9eCf1uFZhN5tSffogN7JA7cKQ9Q8
ezZzG34TWiOF6AUy3VmTz9KsCxZUtocUMWOy9a5qPn+QF7Vv1PYHCGX8v+JZuwyb
MV76R/P9hly/mC1WRJSnwxb6aFQeU8hpy5OdM6kVwZu1K6WU7/fa3rjC/fHbAFwo
MC7gFo/fpq+z0QIz9TjPDzUAq8sAx8kCBc6QbY2Z2xmm0qZWRUzWlCHXr18z+iD0
0cI6beDhWp+JpBtAhhQd8cPub9n2P0bjOO1vkyxLdJYkMzp6ttnsu2QTvSBo+Km+
DQbO/ixMziB+I9dsSVdep1l/LKjTrTfMrHEjVtxWY6/A6R/4FwLdsAcEdC6+a2bI
daGbgkYAKBELRzPmbhuvdflpoe5rFc88QDGMss7msIOVoapESaMpbCux5H3/p1j9
9F70z7jPCwFjQ6rVC2DHHmP2/H7RutctN9iQslkri5ZoWJMkaXsjYwlPqJOpbgHF
NBnPEOrJYviWdITQWa9ae8J2Lbawq2kxDHjjIu6+EGsQ8HEHG6RupoUjaY4usOEG
46c/699cUdEix/tukOC75nkJyyTObXMot+og8QAALNS2u9ZkioEnYLfG6Dwdo/xA
/kqv7JlMPy8NQW7zayUTWCf6Mkkc7clVg7ji+8C18olsTzO7lKE=
=Hhkm
-----END PGP SIGNATURE-----