Bug#911149: marked as done (libssh: CVE-2018-10933: authentication bypass in server code)

[Debian Bug Tracking System]

Your message dated Tue, 16 Oct 2018 15:21:30 +0000
with message-id <e1gcra2-000hvs...@fasolo.debian.org>
and subject line Bug#911149: fixed in libssh 0.8.4-1
has caused the Debian Bug report #911149,
regarding libssh: CVE-2018-10933: authentication bypass in server code
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
911149: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911149
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: libssh
Version: 0.7.3-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

The following vulnerability was published for libssh.

CVE-2018-10933[0]:
authentication bypass in server code

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-10933
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10933
[1] https://www.openwall.com/lists/oss-security/2018/10/16/1

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: libssh
Source-Version: 0.8.4-1

We believe that the bug you reported is fixed in the latest version of
libssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 911...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laurent Bigonville <bi...@debian.org> (supplier of updated libssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 16 Oct 2018 16:44:55 +0200
Source: libssh
Binary: libssh-4 libssh-gcrypt-4 libssh-dev libssh-gcrypt-dev libssh-doc
Architecture: source amd64 all
Version: 0.8.4-1
Distribution: unstable
Urgency: medium
Maintainer: Laurent Bigonville <bi...@debian.org>
Changed-By: Laurent Bigonville <bi...@debian.org>
Description:
 libssh-4   - tiny C SSH library (OpenSSL flavor)
 libssh-dev - tiny C SSH library. Development files (OpenSSL flavor)
 libssh-doc - tiny C SSH library. Documentation files
 libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor)
 libssh-gcrypt-dev - tiny C SSH library. Development files (gcrypt flavor)
Closes: 911149
Changes:
 libssh (0.8.4-1) unstable; urgency=medium
 .
   * New upstream version 0.8.4
     - Fix authentication bypass in server code (CVE-2018-10933 Closes: #911149)
   * debian/control: Bump Standards-Version to 4.2.1 (no further changes)
   * Fix documentation generation
   * debian/*.symbols: Add newly exported symbols
   * debian/libssh-gcrypt-4.lintian-overrides: Update lintian-overrides file
   * debian/rules: Re-enable unit testing, they were disabled by mistake since
     0.8.0
Checksums-Sha1:
 0df4a260c15282ff17b44d36b001f7dbe06d2ffd 2187 libssh_0.8.4-1.dsc
 31167827e6d86fcee77323e744e51dfc19739ad6 425848 libssh_0.8.4.orig.tar.xz
 0db32754f8367b91e3f49020cb11c3e2da98c5e8 833 libssh_0.8.4.orig.tar.xz.asc
 4a043b71c63099e358ccb4a4c4be2fc45a29deed 18176 libssh_0.8.4-1.debian.tar.xz
 5c91ff66062f4905864904c04494d31da534515a 567676 
libssh-4-dbgsym_0.8.4-1_amd64.deb
 6d63de560a323531a412776d668630e5130ef84f 195564 libssh-4_0.8.4-1_amd64.deb
 9b859c014aa6d29aec023b3ef3694141e32a684b 240056 libssh-dev_0.8.4-1_amd64.deb
 45e16709f6e18b0aa2d509ab48a9ce0de0e3c5c4 8689508 libssh-doc_0.8.4-1_all.deb
 98419ec2715d5d86487e435350cb6d2e580f3631 574192 
libssh-gcrypt-4-dbgsym_0.8.4-1_amd64.deb
 08a799319a256b2ac76af65ed72da71862ef329e 198836 
libssh-gcrypt-4_0.8.4-1_amd64.deb
 cb32ca50d0831a2ed098610ad9a157119c0c402d 240060 
libssh-gcrypt-dev_0.8.4-1_amd64.deb
 b98c7f957bd172282311049083a01f885976f106 10077 libssh_0.8.4-1_amd64.buildinfo
Checksums-Sha256:
 44f00d0c87db1976757f552782e901de6fc51fd0a80aa0785303d548ef4e757f 2187 
libssh_0.8.4-1.dsc
 6bb07713021a8586ba2120b2c36c468dc9ac8096d043f9b1726639aa4275b81b 425848 
libssh_0.8.4.orig.tar.xz
 7c6b84301578a5f2e10db13298fdb9b60eddebe5aceb3ad76b9019b7782cf3d9 833 
libssh_0.8.4.orig.tar.xz.asc
 569aad151f24e1ec611f3ad2d204cffad671698b92c88fe117eb3eec7f4ae5be 18176 
libssh_0.8.4-1.debian.tar.xz
 0e386063c066477fbcfd64c74eb07b0fcbbe3b870ba4953bf3be4544d7da31cc 567676 
libssh-4-dbgsym_0.8.4-1_amd64.deb
 e1176b23320f212bd2d4a71a76891b309b2fcb701098ea1bcc209154efe3fe5f 195564 
libssh-4_0.8.4-1_amd64.deb
 6bb4dafedf19796ceee956d38896816fcaf91a7324cdb5b3fabe12a1c9337bff 240056 
libssh-dev_0.8.4-1_amd64.deb
 bf70b448874d246fa27f2598020208eda03d6a02160b21ecc29da4459a289a76 8689508 
libssh-doc_0.8.4-1_all.deb
 843a199b4cb46a7cbce1d7b663416d0c28a34a0a8f7389e0f321a6447134fec8 574192 
libssh-gcrypt-4-dbgsym_0.8.4-1_amd64.deb
 90cc23c1a79868367af4af2edf8741bb876613f1f9ed8206f21c772b021efc7f 198836 
libssh-gcrypt-4_0.8.4-1_amd64.deb
 a154a02dfc51aafc40360cab8dd464f8ab623a04afd1c905f20e7a04c455c9fa 240060 
libssh-gcrypt-dev_0.8.4-1_amd64.deb
 04fdd4e237657902611b75018044af34660151402a5a2272a911784ae567cef4 10077 
libssh_0.8.4-1_amd64.buildinfo
Files:
 d052a46818befe3e445d6d51c55faf3c 2187 libs optional libssh_0.8.4-1.dsc
 ae3c5e3ea288a409b45f9664af2ac23a 425848 libs optional libssh_0.8.4.orig.tar.xz
 be55df6843d8d211278da471eccaa40c 833 libs optional libssh_0.8.4.orig.tar.xz.asc
 24075159849e871892284aa7dce4156b 18176 libs optional 
libssh_0.8.4-1.debian.tar.xz
 7a0ea4f4f99574c64cb6ac95bb686340 567676 debug optional 
libssh-4-dbgsym_0.8.4-1_amd64.deb
 f7032e8907b068027aa1c2282125a80d 195564 libs optional 
libssh-4_0.8.4-1_amd64.deb
 7949146f0e215609b2ca2e649630709e 240056 libdevel optional 
libssh-dev_0.8.4-1_amd64.deb
 b1db433b25d68f08ae005289804e86cf 8689508 doc optional 
libssh-doc_0.8.4-1_all.deb
 53e2c0b4e06e137d5c2ccd4d9c635fdd 574192 debug optional 
libssh-gcrypt-4-dbgsym_0.8.4-1_amd64.deb
 4cddd6ab0c2e633218fec41560fd9848 198836 libs optional 
libssh-gcrypt-4_0.8.4-1_amd64.deb
 79d71d83c344ec4ad0d2f5496bbbfc0e 240060 libdevel optional 
libssh-gcrypt-dev_0.8.4-1_amd64.deb
 be4dc922ca4c422a121c385eedd70adf 10077 libs optional 
libssh_0.8.4-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQFFBAEBCAAvFiEEmRrdqQAhuF2x31DwH8WJHrqwQ9UFAlvF+wgRHGJpZ29uQGRl
Ymlhbi5vcmcACgkQH8WJHrqwQ9W76AgAhyUH06bTucrE+2upUJN02CDuUkwDNXSt
Zi+0n1qnNWetqqofJSwSqsxwLmgeRKKKwrilxiG/sP5hSNTBTFajzuk8QoOrTpsh
oP0CQp5mlEltO9XVxaHC2GPpElSmpjrJqoGQ40UewOwEmy1T7E/sfIJkjNGTWxlm
x/kosDK0wRkJELuMNpYuikxh6dsaSbbPFPk9OM7GU5x0xKFZu3nQ4u8MWeZMy2Jm
r6hIZcyytg7fInxrjEqmVq1bgYUhejb7aSofUjqGy5m5mM16KPFwgWgZ67hhv3Xf
LVAGXZx/pCjr+/on+MZMUF3mNIoZ4p2mnwXlb5iYFuvf+MtoOI9yoA==
=99HC
-----END PGP SIGNATURE-----

--- End Message ---