-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 21 May 2023 18:22:05 +0000
Source: libssh
Binary: libssh-4 libssh-4-dbgsym libssh-dev libssh-gcrypt-4 libssh-gcrypt-4-dbgsym libssh-gcrypt-dev
Architecture: arm64
Version: 0.9.7-0+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-04) <buildd_arm64-arm-conova-04@buildd.debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description:
 libssh-4   - tiny C SSH library (OpenSSL flavor)
 libssh-dev - tiny C SSH library - Development files (OpenSSL flavor)
 libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor)
 libssh-gcrypt-dev - tiny C SSH library - Development files (gcrypt flavor)
Closes: 1035832
Changes:
 libssh (0.9.7-0+deb11u1) bullseye-security; urgency=medium
 .
   * New upstream security microrelease:
     - CVE-2023-1667: Authenticated remote DoS.
       Fix authenticated remote DoS through potential NULL dereference during
       rekeying with algorithm guessing
       https://www.libssh.org/security/advisories/CVE-2023-1667.txt
     - CVE-2023-2283: Client authentication bypass.
       Fix client authentication bypass in pki_verify_data_signature() in
       low-memory conditions with OpenSSL backend; gcrypt backend is not
       affected.
       https://www.libssh.org/security/advisories/CVE-2023-2283.txt
       (Closes: #1035832)
   * Drop 000* patches which were backported from the upstream stable 0.9
     branch, now included in this release. Unfuzz 2004-install-static-lib.patch.
Checksums-Sha1:
 34ae29cf3897019aa157afd8836c727633193338 480940 libssh-4-dbgsym_0.9.7-0+deb11u1_arm64.deb
 b88ec54a8cf90f95ba02fef0e769893a9057ed7a 176204 libssh-4_0.9.7-0+deb11u1_arm64.deb
 5b2a73019214a45eb621613c9508159d83979bf0 234700 libssh-dev_0.9.7-0+deb11u1_arm64.deb
 fd92c5f62f94d8346df0978c37f4cef83423ce67 520036 libssh-gcrypt-4-dbgsym_0.9.7-0+deb11u1_arm64.deb
 b2fb1e0c85f7c1d2ac8106040fff33677ffd9177 208028 libssh-gcrypt-4_0.9.7-0+deb11u1_arm64.deb
 887ee9c12753b7f2d0b1dacde2f655a7cac6c431 271548 libssh-gcrypt-dev_0.9.7-0+deb11u1_arm64.deb
 171a2e094bec343d8c2e986ea5db2e5de06917d6 9417 libssh_0.9.7-0+deb11u1_arm64-buildd.buildinfo
Checksums-Sha256:
 d4360275f385dbd0cf5227e33ea77d843c4aa3536cc5db72484e362fbedfe19e 480940 libssh-4-dbgsym_0.9.7-0+deb11u1_arm64.deb
 c9c4230bbb312f999a2b9037d7b326889713a570f77819886ab0bad1e7e2faa0 176204 libssh-4_0.9.7-0+deb11u1_arm64.deb
 3bfaebf518749a9191fa85aa64ef00622803f9e3dc043fe9ebed0988876342e3 234700 libssh-dev_0.9.7-0+deb11u1_arm64.deb
 0e79fb563fee8c2664e6bd735d09c12562c084b78fceccfe6ab1caf0d069cfee 520036 libssh-gcrypt-4-dbgsym_0.9.7-0+deb11u1_arm64.deb
 acbfe31fb7fe0cc5c079f10d8ffe2cdbaf7463040aa0f0102776a3de6abaf80b 208028 libssh-gcrypt-4_0.9.7-0+deb11u1_arm64.deb
 3c210b7f0a805837d50e6c330a382af70823a1c17113b031a65726cba66a010f 271548 libssh-gcrypt-dev_0.9.7-0+deb11u1_arm64.deb
 114a9cd53a97fe3591f5b47b0242ce04607e39cd008fd03f3cb2d630c0fe228c 9417 libssh_0.9.7-0+deb11u1_arm64-buildd.buildinfo
Files:
 056f8d3dd00754bc4bd2b64fc943a300 480940 debug optional libssh-4-dbgsym_0.9.7-0+deb11u1_arm64.deb
 0004ddc7cd4266a1250c7e7e3d523fc0 176204 libs optional libssh-4_0.9.7-0+deb11u1_arm64.deb
 7936949006f328905f89a26704505a66 234700 libdevel optional libssh-dev_0.9.7-0+deb11u1_arm64.deb
 d4872ce8a3d526093ac46e672211bbf6 520036 debug optional libssh-gcrypt-4-dbgsym_0.9.7-0+deb11u1_arm64.deb
 699858f6cf4800dc0e3853fff1b180f0 208028 libs optional libssh-gcrypt-4_0.9.7-0+deb11u1_arm64.deb
 85743c27dd9774a956d9681a7e0bcdb1 271548 libdevel optional libssh-gcrypt-dev_0.9.7-0+deb11u1_arm64.deb
 a0d3ccc67ef0ab481f69740054f5d2ea 9417 libs optional libssh_0.9.7-0+deb11u1_arm64-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEVNIS6FpWdgLvabP3yAdpDL98SQ4FAmRqaGcACgkQyAdpDL98
SQ5xeBAAgnijehxanSYsBISObJOBV42z9rLvL4TnFNM4skhKgucuTMbLOPtTXUEb
osnHRQO0n6AgRsEVd6yepTagP8VFhi2fHbmSu4i11VFu3kCbLNxc57ByHh+Lkc9r
g8h/TW3TDNJqLCSS8icPZ46IvoTjrkhWjC8W7YzxSXiF4txNzGZS24KypUXJaTG5
a5qKgRrSUVtMxp78qtJhGf1tzWs5hWkR/Mii58o5mTjp4Kt8kGM4ZM32v+PYnb7y
EigBE2+DOU6Dm5zBLP1IqM6wtoWrAE74IaCwcVtOO0oYluvAB1GcPQeiM0cNAchC
bUoWKbMdIRwTvyqFU9PeCDFrXKvDtX8FeMFSQcw13kCRY5cls0vxiI8zmS+e6eFS
SXdfiuxSZVFEKqYFUO2+0OeeFbfmne7w/zwb6LB4uxczcslDcleEO56bOYVYNF/n
oV7DQn0aDNZBJ+mE/nbZiwBpwebup9ItZCYSIqkMEua6ssZDKUmvB1Jtk4mdoMNP
pMKZ34ZEdfMd0qaZXYp1nU3bKq3qzh7oHVLSIxs1nr8sKfyRzP9bfWhmlqFOZs9H
lBb+hgdcT72pNed4uSdK9BXFX5GXpz768FPZdN9Frnp9RruzQAvE71gV+7jz1nSS
NBUnXSVhCP7spEhhct7KTS1ZwTzGKbtJYf+4c7AH3xNn4Eu5v3M=
=cYSN
-----END PGP SIGNATURE-----