-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 26 Nov 2025 10:29:30 +0100
Source: libssh
Binary: libssh-4 libssh-4-dbgsym libssh-dev libssh-gcrypt-4 libssh-gcrypt-4-dbgsym libssh-gcrypt-dev
Architecture: arm64
Version: 0.10.6-0+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-03) <buildd_arm64-arm-conova-03@buildd.debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Description:
 libssh-4   - tiny C SSH library (OpenSSL flavor)
 libssh-dev - tiny C SSH library - Development files (OpenSSL flavor)
 libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor)
 libssh-gcrypt-dev - tiny C SSH library - Development files (gcrypt flavor)
Closes: 1108407
Changes:
 libssh (0.10.6-0+deb12u2) bookworm; urgency=medium
 .
   [ Martin Pitt ]
   * stable-security → bookworm-security
   * Backport security patches from 0.11.2.
      - CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions
      - CVE-2025-4878: Use of uninitialized variable in privatekey_from_file()
      - CVE-2025-5318: Likely read beyond bounds in sftp server handle management
      - CVE-2025-5351: Double free in functions exporting keys
      - CVE-2025-5372: ssh_kdf() returns a success code on certain failures
      - CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend
     https://www.libssh.org/2025/06/24/libssh-0-11-2-security-and-bugfix-release/
     (Closes: #1108407)
 .
   [ Emilio Pozuelo Monfort ]
   * Add patch for CVE-2025-8114
   * Add patches for CVE-2025-8277
Checksums-Sha1:
 1d71ce00376e7edfb9219e0a6cc2cc6c0ff743cb 506828 libssh-4-dbgsym_0.10.6-0+deb12u2_arm64.deb
 27557497b0ecf468c6665d2ef4d901bd0b028674 177048 libssh-4_0.10.6-0+deb12u2_arm64.deb
 358d8d2f7add3783de13ba1c239d29265a86926b 238036 libssh-dev_0.10.6-0+deb12u2_arm64.deb
 be48d848abaa4b5cef629bb189963f1e7b547742 540196 libssh-gcrypt-4-dbgsym_0.10.6-0+deb12u2_arm64.deb
 04829469724243f2a99619984d290151016dec7b 206540 libssh-gcrypt-4_0.10.6-0+deb12u2_arm64.deb
 e179842f92a6c5ec8b84b61789fd58c9c8ca5c1f 270344 libssh-gcrypt-dev_0.10.6-0+deb12u2_arm64.deb
 5c935aa586e4267af662ee50d92927f3174155ab 9637 libssh_0.10.6-0+deb12u2_arm64-buildd.buildinfo
Checksums-Sha256:
 85e013f6566e3be5fca7172ffcff2618c0d5971d5a53f7b3cc6d9444017bfb89 506828 libssh-4-dbgsym_0.10.6-0+deb12u2_arm64.deb
 9338814316679f504ca4b41e82ec359b792636961d4df7bcd895f7736621bb06 177048 libssh-4_0.10.6-0+deb12u2_arm64.deb
 84cfc5711bf520a5b8119f555652d637aa221f4e51b4680de143dc74fef11444 238036 libssh-dev_0.10.6-0+deb12u2_arm64.deb
 a04e695ff86b7c3334dbabef5057e0819b485b3e198697fbe7bf2253ef4d3226 540196 libssh-gcrypt-4-dbgsym_0.10.6-0+deb12u2_arm64.deb
 d7ace2bc8e26344a72ae370e8f884a52a5e44a25f3a77fc11d455251ba77f065 206540 libssh-gcrypt-4_0.10.6-0+deb12u2_arm64.deb
 ae5a3577b0739e50fff56705d212724f40e62ecad7b73a1f5246941d7fdb1b4f 270344 libssh-gcrypt-dev_0.10.6-0+deb12u2_arm64.deb
 fcaad70affbff60f2a3622e30d96f9412fcbeac4d0d02de2e993ad2d98ca8066 9637 libssh_0.10.6-0+deb12u2_arm64-buildd.buildinfo
Files:
 901350a4ed97c47c8f77dea5da046523 506828 debug optional libssh-4-dbgsym_0.10.6-0+deb12u2_arm64.deb
 b2334bfcf356131893ebcf56cdda11ba 177048 libs optional libssh-4_0.10.6-0+deb12u2_arm64.deb
 61d86632d5ac29e6c392e814e68402c4 238036 libdevel optional libssh-dev_0.10.6-0+deb12u2_arm64.deb
 d9d11096572c889ae3e01f30c786aa65 540196 debug optional libssh-gcrypt-4-dbgsym_0.10.6-0+deb12u2_arm64.deb
 2e2a697f6e4384213fa70b2bd1939dc5 206540 libs optional libssh-gcrypt-4_0.10.6-0+deb12u2_arm64.deb
 0fcfd24b5f82c1cc197dadeb6e1c51b3 270344 libdevel optional libssh-gcrypt-dev_0.10.6-0+deb12u2_arm64.deb
 e6f01cd316888042866ebe6659828e3f 9637 libs optional libssh_0.10.6-0+deb12u2_arm64-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEVM4SKBZumztS8zr3lST9Us03ywsFAmk0G94ACgkQlST9Us03
yws0sBAAi+ksegam2XV7wt8ka0TpXvaiZ/ORbGIMxcqwozFZgRpEPY9SQk5TC+xL
eT6MocjeQz1G2cNgNaJkzMyTmQYt2uUZ6eu0Jq8eD2JlDAXyoCBSXOV+4K7xwrFe
GwFQjiftYWdv5WFlTg2Vd8OAgcTEsOr7L+ZjNC8rQxHx1FeHbSIDDD/bp9dxPiL2
IguIcuEKhilnKUbVoNV+GyeR+nuQ6/JiTCaumLPrAS3qKVU0JZ/SOP+rP+eALJOr
3Qfo/kczC5KXq1ilYcY3CeTep0E6QPF2vKFlCjk508TKw21m2kj/HT7wMWadyv0W
Jlkwp4mC6N9ZlREyr0uxA9unwaSVTDB0yhIAH+zM58dS/+1P6mtZ9g2WZfwfEfiw
FLCUVEeMv9e2szqnoEJayyfKYlni+Ptv/8Re1IiKv76QKqJp6r3J9AYsyP5DzQ3G
1bY0DPvftgN3oICcxKWjor92agxuGQgH4cAnGNwndpku8ChA47LqxXAjqn7jbt48
5RzJpDwLQy/8o6Lgdaf/3WmvGo27wxRVTZccIUUa61R/kFJ92YRf6d/guT7+cK25
wQ5B0kKhYCgKb5pP+2R8detyomlolz9/1D3Z8U7GNsF+0SGIsQoM7BTPYGDnI4jq
VivezCAfjp01e27LA11XOvJ8E4HGTsrZG8MEVhtLxYI3C9rJDXs=
=LBEO
-----END PGP SIGNATURE-----