Format: 1.8
Date: Wed, 26 Nov 2025 10:29:30 +0100
Source: libssh
Binary: libssh-4 libssh-4-dbgsym libssh-dev libssh-gcrypt-4 libssh-gcrypt-4-dbgsym libssh-gcrypt-dev
Architecture: armel
Version: 0.10.6-0+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-04)
Changed-By: Emilio Pozuelo Monfort
Description:
 libssh-4 - tiny C SSH library (OpenSSL flavor)
 libssh-dev - tiny C SSH library - Development files (OpenSSL flavor)
 libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor)
 libssh-gcrypt-dev - tiny C SSH library - Development files (gcrypt flavor)
Closes: 1108407
Changes:
 libssh (0.10.6-0+deb12u2) bookworm; urgency=medium
 .
   [ Martin Pitt ]
   * stable-security → bookworm-security
   * Backport security patches from 0.11.2.
     - CVE-2025-4877: Write beyond bounds in binary to base64 conversion
       functions
     - CVE-2025-4878: Use of uninitialized variable in privatekey_from_file()
     - CVE-2025-5318: Likely read beyond bounds in sftp server handle management
     - CVE-2025-5351: Double free in functions exporting keys
     - CVE-2025-5372: ssh_kdf() returns a success code on certain failures
     - CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL
       backend
     https://www.libssh.org/2025/06/24/libssh-0-11-2-security-and-bugfix-release/
     (Closes: #1108407)
 .
   [ Emilio Pozuelo Monfort ]
   * Add patch for CVE-2025-8114
   * Add patches for CVE-2025-8277