Your message dated Sun, 28 Feb 2016 19:49:21 +0000
with message-id <e1aa7lf-0004nh...@franck.debian.org>
and subject line Bug#815663: fixed in libssh 0.6.3-4.3
has caused the Debian Bug report #815663,
regarding libssh: CVE-2016-0739: Weak Diffie-Hellman secret generation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
815663: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815663
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libssh
Version: 0.4.5-3
Severity: grave
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for libssh.
CVE-2016-0739[0]:
Weak Diffie-Hellman secret generation in libssh
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-0739
[1] https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libssh
Source-Version: 0.6.3-4.3
We believe that the bug you reported is fixed in the latest version of
libssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 815...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 23 Feb 2016 19:54:04 +0100
Source: libssh
Binary: libssh-4 libssh-gcrypt-4 libssh-dev libssh-gcrypt-dev libssh-dbg
libssh-doc
Architecture: source
Version: 0.6.3-4.3
Distribution: unstable
Urgency: medium
Maintainer: Laurent Bigonville <bi...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 815663
Description:
libssh-4 - tiny C SSH library (OpenSSL flavor)
libssh-dbg - tiny C SSH library. Debug symbols
libssh-dev - tiny C SSH library. Development files (OpenSSL flavor)
libssh-doc - tiny C SSH library. Documentation files
libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor)
libssh-gcrypt-dev - tiny C SSH library. Development files (gcrypt flavor)
Changes:
libssh (0.6.3-4.3) unstable; urgency=medium
.
* Non-maintainer upload.
* CVE-2016-0739: Truncated Diffie-Hellman secret length (Closes: #815663)
Checksums-Sha1:
8f712c2573ef9624f490336651509855ecc31b8f 2300 libssh_0.6.3-4.3.dsc
3feb7821a464f0c5fad3d9e46b2baaa4bde3311e 19220 libssh_0.6.3-4.3.debian.tar.xz
Checksums-Sha256:
92d09fc1d26aacc3163a609d5f889474c6ed46497b9045edabab6077cb96a605 2300
libssh_0.6.3-4.3.dsc
e525ed1b21b11f9506424a4d7856c8b8e94f10bf70caf5ee04ea3f91ad112a99 19220
libssh_0.6.3-4.3.debian.tar.xz
Files:
a8baf0c0ed8213f3bdef27f713272ad2 2300 libs optional libssh_0.6.3-4.3.dsc
449777b2c7d5550d227784264e55e626 19220 libs optional
libssh_0.6.3-4.3.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWzK6dAAoJEAVMuPMTQ89ETHcP/RDcqwq5EtdK1uySrQGGT9sQ
edM9pVXTtjyPzkFATauUNXjJ86x2u07s6r1pLnMzTQf1aG3GiKgrMwWcoKWQi5oe
5CkWNIhLXLrFRRNMRIxPZVapOwLngRKoXfF/aNf7ZUsKzGc4dKjofcq7E1zQ9+ka
c8vnTTR66TKlyo05IAZA3UvEl2V4iszM2yOjWnE7a9oCWh+DW5EoMTYLGszv9RPt
Yvb0QyAcSr5DPHLQJeE1dytjOsuXn78NfUsgQVHIEfjPK02QWzUVBUZ1dnOenO74
0HBDQDtRJdsf0V6BBlOro9sUn5sxXQ546cMpNfJ4ndqTA0kbpcimsqKoebVsAzEs
bOQsIJ2b/4E4TLV9dEW7g5ICt+3clGA7CC2N/WHawsCldxs8PlJ3QaLhMcc7rT0M
t+kAZBYs2NAuuk3B0FfNcJnsIWR+CoROIW8/PTzgUijk+YWty9JS00/icuFLvzSp
VDKAWBwAYXp3n781UDf9ArIaeIjmcZDJSWLYMNNoZoWbyUUbgk1K0C2/8pkEgRoz
PF3NFMJQmH7Dytf9NtSHFUQSmcHRdX7s0tW4jD12q0uIsSMFiaF47jjyKgPwJ6GA
LWhbnYhIxPGi3O7pNl4XDICTmT95HaMXZmbhgrP7AgIIrYjLSLdv4ZQOm0PkiChb
r8BzE/ZK0alwr5YG5QUO
=p+Wj
-----END PGP SIGNATURE-----
--- End Message ---
