Your message dated Sat, 20 Oct 2018 09:48:13 +0000
with message-id <e1gdnrh-000fkm...@fasolo.debian.org>
and subject line Bug#911149: fixed in libssh 0.7.3-2+deb9u1
has caused the Debian Bug report #911149,
regarding libssh: CVE-2018-10933: authentication bypass in server code
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
911149: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911149
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libssh
Version: 0.7.3-1
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
The following vulnerability was published for libssh.
CVE-2018-10933[0]:
authentication bypass in server code
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-10933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10933
[1] https://www.openwall.com/lists/oss-security/2018/10/16/1
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libssh
Source-Version: 0.7.3-2+deb9u1
We believe that the bug you reported is fixed in the latest version of
libssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 911...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 16 Oct 2018 21:18:05 +0200
Source: libssh
Binary: libssh-4 libssh-gcrypt-4 libssh-dev libssh-gcrypt-dev libssh-doc
Architecture: source
Version: 0.7.3-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Laurent Bigonville <bi...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 911149
Description:
libssh-4 - tiny C SSH library (OpenSSL flavor)
libssh-dev - tiny C SSH library. Development files (OpenSSL flavor)
libssh-doc - tiny C SSH library. Documentation files
libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor)
libssh-gcrypt-dev - tiny C SSH library. Development files (gcrypt flavor)
Changes:
libssh (0.7.3-2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Authentication bypass vulnerability (CVE-2018-10933) (Closes: #911149)
Checksums-Sha1:
25a69b05e8cff4da0aafff8f1f0fe7595a58966f 2463 libssh_0.7.3-2+deb9u1.dsc
9de2a8fde51aa7b7855008fafd5bf47ebb01289f 350464 libssh_0.7.3.orig.tar.xz
acba19d8f2af993e50fc74c95840b1e7b44b4e6a 24944
libssh_0.7.3-2+deb9u1.debian.tar.xz
Checksums-Sha256:
9a3e129ffb7bdf8538e55faa9aa5f9efbfe8831a1e0eae7c969a1de6fcecc928 2463
libssh_0.7.3-2+deb9u1.dsc
26ef46be555da21112c01e4b9f5e3abba9194485c8822ab55ba3d6496222af98 350464
libssh_0.7.3.orig.tar.xz
21e1bdf45dc7b592534c2dfa77b69dfe4800e0b3991e386139ab871d7510403c 24944
libssh_0.7.3-2+deb9u1.debian.tar.xz
Files:
4f59bd89d1051d14b12ec5073d0adc3a 2463 libs optional libssh_0.7.3-2+deb9u1.dsc
05465da8004f3258db946346213209de 350464 libs optional libssh_0.7.3.orig.tar.xz
fb84cfbdbd852058eedb3b28076a86b3 24944 libs optional
libssh_0.7.3-2+deb9u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlvGOntfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EF4oP+waGPNml/v5vwO+qDP25QWDvgR04TotI
roar91QMGk1DXci9jX3MaWh4S8CaEJrj8C4QJTruSw54VYT6cGHFOroiZmjZ2byC
UGqpe95hftKBg11H7pA8SmUeaAabWwGfOlcOrZJtqKkUHGuNvn6vmircXfGuD37z
0asFe0T/sQft9/PQ0/M6B6mkCQwJTS0ORfTnTi6wG7xUdTlZNoHadFwxfo+qSw26
AAI5ERsQBJuXaqGEg4sq5E1XeLRPNciKOlTfIM8ziatCdh7AbQsQvwWKPldZ3j+1
NthHOtIoP4c24pKbCUh9yAM1SWLb2dBWxtiZoZjMIj53Um1LvmmD9QwX/JTaKSBm
1Mz3e36tRSTVMOVDcfDqKKI0XJ1uF3ttsQ+27g0MQvkJc6UMkjlB7mVyCHW/SYfA
ze7VG1DZmAJTcyO+qmnNYh4DDLShAzocLuWc3uuHM8jufb0x2mT7hbKHYDQObQgv
fcIl+InAbTG1XjwEmQhq8DiVJQxSTFdZK6kRtO8eQB4rgdvUPWDMYiv4oC0WL1Db
R0RwvxIX8NOYb6svqN8iR/bRVnNhfJJiaH0Csz1Li3XCfrwnPwF7Bi35twNeHBFU
yHSBrTK1WukeMYLZFiMASK7mPs0y1V6vl/Cqq4WPcdBBkrtm2ntNfsyt0lY1F05X
2UqYSj0Pe6De
=NETr
-----END PGP SIGNATURE-----
--- End Message ---
