commit libssh for openSUSE:Factory

Thu, 11 Sep 2025 05:38:11 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libssh for openSUSE:Factory checked 
in at 2025-09-11 14:37:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libssh (Old)
 and      /work/SRC/openSUSE:Factory/.libssh.new.1977 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libssh"

Thu Sep 11 14:37:27 2025 rev:80 rq:1303518 version:0.11.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/libssh/libssh.changes    2025-06-27 
23:01:45.802388595 +0200
+++ /work/SRC/openSUSE:Factory/.libssh.new.1977/libssh.changes  2025-09-11 
14:37:39.651536649 +0200
@@ -1,0 +2,13 @@
+Tue Sep  9 15:19:24 UTC 2025 - Lucas Mulling <lucas.mull...@suse.com>
+
+- Update to 0.11.3
+  * Security:
+    * CVE-2025-8114: Fix NULL pointer dereference after allocation failure 
(bsc#1246974)
+    * CVE-2025-8277: Fix memory leak of ephemeral key pair during repeated 
wrong KEX (bsc#1249375)
+    * Potential UAF when send() fails during key exchange
+  * Bugfixes:
+    * Fix possible timeout during KEX if client sends authentication too early
+    * Cleanup OpenSSL PKCS#11 provider when loaded
+    * Zeroize buffers containing private key blobs during export
+
+-------------------------------------------------------------------

Old:
----
  libssh-0.11.2.tar.xz
  libssh-0.11.2.tar.xz.asc

New:
----
  libssh-0.11.3.tar.xz
  libssh-0.11.3.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libssh.spec ++++++
--- /var/tmp/diff_new_pack.aORHiG/_old  2025-09-11 14:37:40.207560141 +0200
+++ /var/tmp/diff_new_pack.aORHiG/_new  2025-09-11 14:37:40.211560309 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package libssh
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -32,7 +32,7 @@
 %endif
 
 Name:           libssh%{pkg_suffix}
-Version:        0.11.2
+Version:        0.11.3
 Release:        0
 Summary:        The SSH library
 License:        LGPL-2.1-or-later

++++++ libssh-0.11.2.tar.xz -> libssh-0.11.3.tar.xz ++++++
++++ 2277 lines of diff (skipped)

Reply via email to