Your message dated Wed, 24 Feb 2016 23:17:08 +0000
with message-id <e1ayig8-0008qt...@franck.debian.org>
and subject line Bug#815663: fixed in libssh 0.6.3-4+deb8u2
has caused the Debian Bug report #815663,
regarding libssh: CVE-2016-0739: Weak Diffie-Hellman secret generation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
815663: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815663
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libssh
Version: 0.4.5-3
Severity: grave
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for libssh.
CVE-2016-0739[0]:
Weak Diffie-Hellman secret generation in libssh
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-0739
[1] https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libssh
Source-Version: 0.6.3-4+deb8u2
We believe that the bug you reported is fixed in the latest version of
libssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 815...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 23 Feb 2016 16:00:29 +0100
Source: libssh
Binary: libssh-4 libssh-gcrypt-4 libssh-dev libssh-gcrypt-dev libssh-dbg libssh-doc
Architecture: all source
Version: 0.6.3-4+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Laurent Bigonville <bi...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 815663
Description:
libssh-4 - tiny C SSH library (OpenSSL flavor)
libssh-dbg - tiny C SSH library. Debug symbols
libssh-dev - tiny C SSH library. Development files (OpenSSL flavor)
libssh-doc - tiny C SSH library. Documentation files
libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor)
libssh-gcrypt-dev - tiny C SSH library. Development files (gcrypt flavor)
Changes:
libssh (0.6.3-4+deb8u2) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2016-0739: Truncated Diffie-Hellman secret length (Closes: #815663)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---