-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 21 May 2023 18:22:05 +0000
Source: libssh
Binary: libssh-4 libssh-4-dbgsym libssh-dev libssh-gcrypt-4 libssh-gcrypt-4-dbgsym libssh-gcrypt-dev
Architecture: armhf
Version: 0.9.7-0+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-01) <buildd_arm64-arm-conova-01@buildd.debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description:
 libssh-4   - tiny C SSH library (OpenSSL flavor)
 libssh-dev - tiny C SSH library - Development files (OpenSSL flavor)
 libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor)
 libssh-gcrypt-dev - tiny C SSH library - Development files (gcrypt flavor)
Closes: 1035832
Changes:
 libssh (0.9.7-0+deb11u1) bullseye-security; urgency=medium
 .
   * New upstream security microrelease:
     - CVE-2023-1667: Authenticated remote DoS.
       Fix authenticated remote DoS through potential NULL dereference during
       rekeying with algorithm guessing
       https://www.libssh.org/security/advisories/CVE-2023-1667.txt
     - CVE-2023-2283: Client authentication bypass.
       Fix client authentication bypass in pki_verify_data_signature() in
       low-memory conditions with OpenSSL backend; gcrypt backend is not
       affected.
       https://www.libssh.org/security/advisories/CVE-2023-2283.txt
       (Closes: #1035832)
   * Drop 000* patches which were backported from the upstream stable 0.9
     branch, now included in this release. Unfuzz 2004-install-static-lib.patch.
Checksums-Sha1:
 215024c0cf4cfa97163fc85aab12b90e6673bd0c 466952 libssh-4-dbgsym_0.9.7-0+deb11u1_armhf.deb
 55c7ea0f89fda5b1ff970d3425a60830a6d29eff 163408 libssh-4_0.9.7-0+deb11u1_armhf.deb
 09bfe3d2e798f8b195d4ada7d01a2e862e60e0dc 217052 libssh-dev_0.9.7-0+deb11u1_armhf.deb
 9db7fe17d3e8b046e29e619046d3dd0dd283bff2 506936 libssh-gcrypt-4-dbgsym_0.9.7-0+deb11u1_armhf.deb
 d6f73d4bbeef045b7a0bc4ebd41952a03958e210 194024 libssh-gcrypt-4_0.9.7-0+deb11u1_armhf.deb
 d4023726f79d3bd8acce26a06abdea90f5c307ba 250700 libssh-gcrypt-dev_0.9.7-0+deb11u1_armhf.deb
 6df68c52ac05a1c5a973fea8c3e3ed08f730c4dd 9348 libssh_0.9.7-0+deb11u1_armhf-buildd.buildinfo
Checksums-Sha256:
 b21c43ceac1b9e3aed181b574f78cd6b44fec176800bb67019f444ca1eb5efd9 466952 libssh-4-dbgsym_0.9.7-0+deb11u1_armhf.deb
 9d0327bac658e8996418892a46db82a313d87b1f3334aff9f495f8d687d5d5c3 163408 libssh-4_0.9.7-0+deb11u1_armhf.deb
 efb9c88fe47156c767ea781dc38bd6ec113fa28e50ae3dc03ddfba38b18e0e7c 217052 libssh-dev_0.9.7-0+deb11u1_armhf.deb
 74ba811c26a2ed790b2e00a88570cb83844f4841b8588fc75f83278601769d6a 506936 libssh-gcrypt-4-dbgsym_0.9.7-0+deb11u1_armhf.deb
 2d2cf2f097968c0f0468364abf61acd82c0125b670baaeb33d5fc5a91354706b 194024 libssh-gcrypt-4_0.9.7-0+deb11u1_armhf.deb
 c3ea32acd62f9de532fcca25402a7cd3188228f6f0aff687f77e319436998cc0 250700 libssh-gcrypt-dev_0.9.7-0+deb11u1_armhf.deb
 bbbcf3f918a5812aa78fc1e5172e6e64117b7a18992d12973ff8d632bb96d346 9348 libssh_0.9.7-0+deb11u1_armhf-buildd.buildinfo
Files:
 d3a4657a49e04d293a5784d817e8f643 466952 debug optional libssh-4-dbgsym_0.9.7-0+deb11u1_armhf.deb
 acb75e3860b97680aa45f91276e5fb24 163408 libs optional libssh-4_0.9.7-0+deb11u1_armhf.deb
 40ef91defae319ac9bb95e4785cb621e 217052 libdevel optional libssh-dev_0.9.7-0+deb11u1_armhf.deb
 43533385cc98a81db6b08f5ba876dec4 506936 debug optional libssh-gcrypt-4-dbgsym_0.9.7-0+deb11u1_armhf.deb
 88c33f6ada1ae08a5ba3350ba37cbb4f 194024 libs optional libssh-gcrypt-4_0.9.7-0+deb11u1_armhf.deb
 948b78c166c8d3ac8321ad526050c2e0 250700 libdevel optional libssh-gcrypt-dev_0.9.7-0+deb11u1_armhf.deb
 1f898a7e50ebc5d7ef77a49e181ba3da 9348 libs optional libssh_0.9.7-0+deb11u1_armhf-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE85cWtWDyjeTR1DyXYfnSkVoQrNkFAmRqaVMACgkQYfnSkVoQ
rNmqUw/+L6w9VrAhxzyFFt8p0eifpfKd5/DNG+/j1FjRtKCwTJRyMBWXnUuRgOF3
FtnspqAf/y14blTZLIDlvzIm+sxR3D8ReNO+cCIp1i7lY/uG4FVlZKouk1Ymd8F3
NwG9cNoWvhTxk0hJd90yF3vuGec/Ygjwx1oOQrkLfuWn8a4Y5ldrSdSpqmXHJ8c1
wy1Ccl75Hlss32XTs5tQoYyh3OG1XXivhmfYxLptZ69JLtmD4PY0+ZAheDb1KwmG
+T05MHUpzxxKgi1hp0Q54APuuqg5C3AhSEkJHX7mJmbWOBAEzovP/xClKbb4tSr6
HP6gt+ddXQ8mRqvAYoW9+xI/d3PAbu85DX2zRMSzJZjEayzDNPjQ1HoUg34dRS0x
wYWswId0224tZXZwaV9ei0UvCGwi/xKQ+PH2oLPuKkHzFY0Q/CGC/2yjm3yXxzFp
uFoIpPCpDs6DW1JKT+VX1ASSF419dFBcO+VOgz0jgFbsUxSQ4TH3cTZqR0XuV3+N
PVxMRvP1odj1yQSxLOMsfinti6BwVrxK29oguSN38zqozclnMA6vEsLTvjjqTS1j
qwnvVARGqhM9F9Sm5mnJXjQagJqubBlwQJnrT7lzF4UfRmvZ4+XDuHvkDoJsA7kf
3KwwJCYE6Gis2oz9AXusAK/oc7I13KGzZVrV7N+8iUSvhtgUI9s=
=cqTp
-----END PGP SIGNATURE-----