Format: 1.8
Date: Wed, 26 Nov 2025 10:29:30 +0100
Source: libssh
Binary: libssh-4 libssh-4-dbgsym libssh-dev libssh-gcrypt-4 libssh-gcrypt-4-dbgsym libssh-gcrypt-dev
Architecture: ppc64el
Version: 0.10.6-0+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: ppc64el Build Daemon (ppc64el-conova-01)
Changed-By: Emilio Pozuelo Monfort
Description:
 libssh-4 - tiny C SSH library (OpenSSL flavor)
 libssh-dev - tiny C SSH library - Development files (OpenSSL flavor)
 libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor)
 libssh-gcrypt-dev - tiny C SSH library - Development files (gcrypt flavor)
Closes: 1108407
Changes:
 libssh (0.10.6-0+deb12u2) bookworm; urgency=medium
 .
   [ Martin Pitt ]
   * stable-security → bookworm-security
   * Backport security patches from 0.11.2.
     - CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions
     - CVE-2025-4878: Use of uninitialized variable in privatekey_from_file()
     - CVE-2025-5318: Likely read beyond bounds in sftp server handle management
     - CVE-2025-5351: Double free in functions exporting keys
     - CVE-2025-5372: ssh_kdf() returns a success code on certain failures
     - CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend
     https://www.libssh.org/2025/06/24/libssh-0-11-2-security-and-bugfix-release/
     (Closes: #1108407)
 .
   [ Emilio Pozuelo Monfort ]
   * Add patch for CVE-2025-8114
   * Add patches for CVE-2025-8277