Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Hello,

Please unblock package libssh

This version fixes 4 CVE and several other bugs

version 0.5.3 (released 2012-11-20)
  * CVE-2012-4559 Fixed multiple double free() flaws.
  * CVE-2012-4560 Fixed multiple buffer overflow flaws.
  * CVE-2012-4561 Fixed multiple invalid free() flaws.
  * BUG #84 - Fix bug in sftp_mkdir not returning on error.
  * BUG #85 - Fixed a possible channel infinite loop if the connection dropped.
  * BUG #88 - Added missing channel request_state and set it to accepted.
  * BUG #89 - Reset error state to no error on successful SSHv1 authentication.
  * Fixed a possible use after free in ssh_free().
  * Fixed multiple possible NULL pointer dereferences.
  * Fixed multiple memory leaks in error paths.
  * Fixed timeout handling.
  * Fixed regression in pre-connected socket setting.
  * Handle all unknown global messages.

Diffstat:

$ debdiff --exclude '*.bak' --exclude '*.patch' /tmp/libssh_0.5.2-1.dsc libssh_0.5.3-1.dsc |diffstat
 CMakeLists.txt           |    4 -
 CPackConfig.cmake        |    2
 ChangeLog                |   15 ++++++
 README                   |  113 +++++++++++++++++++++++++++++++++++++++++------
 SECFIX_0.5.2.tar.asc     |    7 ++
 debian/changelog         |    8 +++
 doc/mainpage.dox         |  113 +++++++++++++++++++++++++++++++++++++++++------
 doc/threading.dox        |   18 +++----
 include/libssh/bind.h    |    7 --
 include/libssh/misc.h    |    1
 include/libssh/priv.h    |   12 +++-
 include/libssh/session.h |   13 +++--
 include/libssh/socket.h  |    1
 src/agent.c              |    3 +
 src/auth.c               |    1
 src/auth1.c              |    1
 src/bind.c               |    6 +-
 src/buffer.c             |   34 ++++++++++----
 src/callbacks.c          |    2
 src/channels.c           |   21 +++++++-
 src/channels1.c          |    1
 src/client.c             |    7 +-
 src/connect.c            |    2
 src/crypt.c              |    1
 src/dh.c                 |    5 ++
 src/error.c              |    9 ++-
 src/getpass.c            |    1
 src/keyfiles.c           |   36 +++++++-------
 src/keys.c               |    5 ++
 src/known_hosts.c        |    1
 src/log.c                |   64 ++++++++++++++++++--------
 src/messages.c           |   14 +++--
 src/misc.c               |   54 ++++++++++++++++------
 src/options.c            |   16 +++---
 src/packet.c             |    1
 src/server.c             |    4 -
 src/session.c            |   69 ++++++++++++----------------
 src/sftp.c               |   41 ++++++++++++-----
 src/sftpserver.c         |    1
 src/socket.c             |   27 ++++++++---
 src/string.c             |   26 +++++++---
 41 files changed, 558 insertions(+), 209 deletions(-)

unblock libssh/0.5.3-1

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.6-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
libssh.diff.gz
Description: GNU Zip compressed data