Your message dated Fri, 13 Mar 2015 11:48:39 +0000 with message-id <e1ywo51-0007tl...@franck.debian.org> and subject line Bug#780249: fixed in libssh2 1.4.3-4.1 has caused the Debian Bug report #780249, regarding libssh2: CVE-2015-1782: Using SSH_MSG_KEXINIT data unbounded to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 780249: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780249 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libssh2 Version: 1.4.2-1 Severity: grave Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for libssh2. CVE-2015-1782[0]: Using SSH_MSG_KEXINIT data unbounded If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-1782 [1] http://www.libssh2.org/adv_20150311.html Please adjust the affected versions in the BTS as needed. Note, packages for wheezy-security are already built and prepared to be released. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: libssh2 Source-Version: 1.4.3-4.1 We believe that the bug you reported is fixed in the latest version of libssh2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 780...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated libssh2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 11 Mar 2015 12:08:30 +0100 Source: libssh2 Binary: libssh2-1 libssh2-1-dev libssh2-1-dbg Architecture: source amd64 Version: 1.4.3-4.1 Distribution: unstable Urgency: high Maintainer: Mikhail Gusarov <dotted...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: libssh2-1 - SSH2 client-side library libssh2-1-dbg - SSH2 client-side library (debug package) libssh2-1-dev - SSH2 client-side library (development headers) Closes: 780249 Changes: libssh2 (1.4.3-4.1) unstable; urgency=high . * Non-maintainer upload by the Security Team. * Add 0003-CVE-2015-1782.patch. CVE-2015-1782: Using SSH_MSG_KEXINIT data unbounded. (Closes: #780249) Checksums-Sha1: cb3db521bd8b39ead29662eb31c0728f696df69d 1854 libssh2_1.4.3-4.1.dsc 9bc1aab69dd8db3e7c62d1262e467fe22bcfc8e5 7884 libssh2_1.4.3-4.1.debian.tar.xz Checksums-Sha256: 841dff8b0ab68f839136959d573fb56842f7266b48392acaf20456ff689c729b 1854 libssh2_1.4.3-4.1.dsc 27b7e51ae13210787435ca94328f20b4e39a94fcfbc618a595d01f5bc3587311 7884 libssh2_1.4.3-4.1.debian.tar.xz Files: 4c8755992d0fec1f9b320574ffc501e0 1854 libs optional libssh2_1.4.3-4.1.dsc 93df88fa42b6a13a3860ba451b799195 7884 libs optional libssh2_1.4.3-4.1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVACRUAAoJEAVMuPMTQ89EyBoP/jlxK3omvhZUFXSlmCGpKKsn /F3SI5h9yCXj+2+X5yYZzyrAV0uR9JYJCJojnG2fva0otD7NnoadoEF2jP7+O4ma xaPniUb9HLWz1c5sfys2KaV0hBIob5oPsk0ExPcpHJy9kGRmZBVgR8GH9E2mcENC CF37pds6PjecchW0IJWZnwVlyRqvjLGdmMatwA7/HaIMmZrZtTZWYUmKi36gmg1Q QX/e2bj9wHN1zs8/pf42r+hsMdBWZQzKvJMHFZ7+oy5NLSGkz85TA8mXdwlcWEdr x5p2qgaKrxakAWZvqgvG01ZGMXzapKwPhbTkMjlU8c5palTk6t/F6kPa3DXJPDzc 0m6qtQXSxveAATlNLZKrMpvQku1JB4fXhUZ3FexT34w3+pXMECaAdbDx11Hhi+Pk /9PyDcISTPGvlJ5Yt74upfjtdznJ0iz+xXoSUrIdonTmc/seRo9GWe98RWQViR9f 3ry4wzZuKHlpzh5XSb04ku8f8VgPjnf1bALbx99GVl2nHpADdAhw8CtpjUEAjn8x VVfxAQcf8Zz/VqEr3KlS99LJdcu9RQ/NMP1LGwkxoWEJCzNm26/cpOuQf9HjEgqC VRX+7if8Uko3PSGVRhUH13Nol2BxrRDYpU0vdj7EHA8Bc8jU4WB8zW2yyhYwTgQC fx2WFbaCCsfDNTRZ//92 =NuT0 -----END PGP SIGNATURE-----
--- End Message ---
