Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: lib...@packages.debian.org, car...@debian.org
Control: affects -1 + src:libssh

Please unblock the recent libssh security update in unstable to land in trixie.

[ Reason ]
That fixes a bunch of CVEs (https://bugs.debian.org/1108407, https://www.libssh.org/2025/06/24/libssh-0-11-2-security-and-bugfix-release/), plus some good fixes and minor cmake build system cleanups.

[ Impact ]
No API/ABI changes, so this does not affect other packages.

[ Tests ]
The less obvious upstream changes have unit tests, e.g.
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=3443aec90188d

The more obvious or "shallow but mass-scale" changes don't, e.g.
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=6ddb730a273
or
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=697650caa97

However, there were about 6 reverse-dependency autopkgtests and they all passed. Unfortunately they disappear from https://qa.debian.org/excuses.php?package=libssh after passing; I don't know how to get that list now. But I saw the "in progress" ones yesterday.

[ Risks ]
There are numerous changes, and while I reviewed them they are not 100% risk free due to sheer size. However, I have some trust in the revdeps autopkgtests.

[ Checklist ]
  [x] all security relevant changes are documented in the d/changelog; I didn't enumerate the bug fixes
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
I attach the debdiff as a formality, but it's much easier and more useful to review the individual upstream commits. They can be seen here:
https://git.libssh.org/projects/libssh.git/log/?h=stable-0.11
all the commits that were made in the recent days, up to the (previous) libssh-0.11.1 tag.

Thanks,
Martin

libssh_0.11.1-2_0.11.2-1.debdiff.gz
Description: application/gzip