Your message dated Wed, 24 Feb 2016 23:18:25 +0000
with message-id <e1ayihn-0000li...@franck.debian.org>
and subject line Bug#815663: fixed in libssh 0.5.4-1+deb7u3
has caused the Debian Bug report #815663,
regarding libssh: CVE-2016-0739: Weak Diffie-Hellman secret generation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
815663: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815663
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libssh
Version: 0.4.5-3
Severity: grave
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for libssh.
CVE-2016-0739[0]:
Weak Diffie-Hellman secret generation in libssh
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-0739
[1] https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libssh
Source-Version: 0.5.4-1+deb7u3
We believe that the bug you reported is fixed in the latest version of
libssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 815...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 23 Feb 2016 16:23:48 +0100
Source: libssh
Binary: libssh-4 libssh-dev libssh-dbg libssh-doc
Architecture: source all amd64
Version: 0.5.4-1+deb7u3
Distribution: wheezy-security
Urgency: high
Maintainer: Laurent Bigonville <bi...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
libssh-4 - tiny C SSH library
libssh-dbg - tiny C SSH library. Debug symbols
libssh-dev - tiny C SSH library. Development files
libssh-doc - tiny C SSH library. Documentation files
Closes: 815663
Changes:
libssh (0.5.4-1+deb7u3) wheezy-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2016-0739: Truncated Diffie-Hellman secret length (Closes: #815663)
Checksums-Sha1:
17a5e233212ea15d9c520cd6d5324f30face2d12 2038 libssh_0.5.4-1+deb7u3.dsc
429a29615657d14515af7a5df049558a19c82f93 12022
libssh_0.5.4-1+deb7u3.debian.tar.gz
7a129b0e41ab9578ad6efda8754d627d3990430f 273820
libssh-doc_0.5.4-1+deb7u3_all.deb
f5bab7cd6b075effc4981bae7c9fff916de98358 131162
libssh-4_0.5.4-1+deb7u3_amd64.deb
31b245b2817087a132465ff26518058be9cc59b7 184446
libssh-dev_0.5.4-1+deb7u3_amd64.deb
258483b50aa9ad3b6a96acecb705fef53f37934f 360890
libssh-dbg_0.5.4-1+deb7u3_amd64.deb
Checksums-Sha256:
fbbdd26b19f1d0d5a5bdb38b20a7a91952364a6541d08eee54dd4f95f9ca83d4 2038
libssh_0.5.4-1+deb7u3.dsc
066588214af8f0047e4f74b15773c17c515ffe4b4b4831fd5b5c6db34a0d02fb 12022
libssh_0.5.4-1+deb7u3.debian.tar.gz
205ff7b037570b1298f9bbc8d9a4842ec299fb48a2f99c168a9de05250456577 273820
libssh-doc_0.5.4-1+deb7u3_all.deb
73e73397e067b8412c7e6e999b96ccbf95263b94df4859dd251b4082c1ec4912 131162
libssh-4_0.5.4-1+deb7u3_amd64.deb
96de663ccd5d124e4b8787f759572720dde61de8b6486de5926069bfeeac5bf1 184446
libssh-dev_0.5.4-1+deb7u3_amd64.deb
a7d69f7d2cf38c4b0e2bc889f8ed3c60d4fa0800bc8c7c370beef92c0e4ae59e 360890
libssh-dbg_0.5.4-1+deb7u3_amd64.deb
Files:
183575b77dc43940ceb3f2aa16563b5a 2038 libs optional libssh_0.5.4-1+deb7u3.dsc
5e812e589c3e7ebd415b2d8062869e86 12022 libs optional
libssh_0.5.4-1+deb7u3.debian.tar.gz
4704811d8cb09b4328b996da13da0ec3 273820 doc optional
libssh-doc_0.5.4-1+deb7u3_all.deb
4a459305ab870c7ec057c2bbf59f4e6a 131162 libs optional
libssh-4_0.5.4-1+deb7u3_amd64.deb
6b883bc75ea4cae05c6c103307fe54f1 184446 libdevel optional
libssh-dev_0.5.4-1+deb7u3_amd64.deb
6b5ec67b8eac17cc8c6f840d23c1dce5 360890 debug extra
libssh-dbg_0.5.4-1+deb7u3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWzHo4AAoJEAVMuPMTQ89EguoQAJX3faWXbUZ174fvxj/N/Oa/
7SwNLQyhVN+RovU0nw1gvyqmdwarjL43R8IvQBo22aildNDdzyQ/QG+duz8Ybv5U
bF25ged0FtisVFNphA0Hrn0eprJtnOsHvnc8Dp/5evglCrCoDoWBoEmpM/A7QHg7
9BlOwjjvRglxbGtH3Lv4so47k/O84lEDopQfWbnhkLxmbGCpy890JzDEk0gJNCur
BiCQeP+aJKd1ciLtiqBvyWUMrn+Y2NRmivRqoJFhn7fl9LPR3Hf5IFi/6JtdFdjB
tJChJpnONIG3kDA/n5dNW7CX2OhbWPPyIalH2UzQaTF6p14NiVlZECaez5LhfY2R
FxzwiXqDTjRQmre17TcV5NMgZjT74WOP2I6weIyosm5iskHhM1xRF0zdpIrMfd99
xqq1CcbHByEcswq3atneqwJDrlHJXLarsi3fJf80Y62vnPsrg4cW4VkqjfTCMg97
UhApBuyySjm4KE4EOet3GlpBweeQAAyBhNU5lKVbp1CsZMvoi5Fdmy5yX698YNby
PEvyMaeVjOA+8BOU5zNDAw12U4xAqITvi7d+IJIiK94mKN0f7e0Si0ChJNs79bMm
7sqcV8kTZKohgIENgqYwbixel8dY7/oqzSXVuKG6SMvNFIhLQe227/uYad7XuQCp
EUuaGIX60yQCwL3hAGmc
=Er+7
-----END PGP SIGNATURE-----
--- End Message ---
