Your message dated Mon, 26 Jan 2015 23:48:27 +0000
with message-id <[email protected]>
and subject line Bug#773577: fixed in libssh 0.6.3-4
has caused the Debian Bug report #773577,
regarding libssh: CVE-2014-8132: Double free on dangling pointers in initial
key exchange packet
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
773577: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773577
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libssh
Version: 0.5.4-1
Severity: important
Tags: security upstream fixed-upstream
Hi,
the following vulnerability was published for libssh.
CVE-2014-8132[0]:
Possible double free on a dangling pointer with crafted kexinit packet
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-8132
[1] http://www.libssh.org/security/advisories/CVE-2014-8132.txt
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libssh
Source-Version: 0.6.3-4
We believe that the bug you reported is fixed in the latest version of
libssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laurent Bigonville <[email protected]> (supplier of updated libssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 27 Jan 2015 00:28:01 +0100
Source: libssh
Binary: libssh-4 libssh-gcrypt-4 libssh-dev libssh-gcrypt-dev libssh-dbg
libssh-doc
Architecture: source amd64 all
Version: 0.6.3-4
Distribution: unstable
Urgency: medium
Maintainer: Laurent Bigonville <[email protected]>
Changed-By: Laurent Bigonville <[email protected]>
Description:
 libssh-4 - tiny C SSH library (OpenSSL flavor)
 libssh-dbg - tiny C SSH library. Debug symbols
 libssh-dev - tiny C SSH library. Development files (OpenSSL flavor)
 libssh-doc - tiny C SSH library. Documentation files
 libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor)
 libssh-gcrypt-dev - tiny C SSH library. Development files (gcrypt flavor)
Closes: 773577
Changes:
 libssh (0.6.3-4) unstable; urgency=medium
 .
   * Add debian/patches/0001_CVE-2014-8132.patch: Fixup error path in
     ssh_packet_kexinit() (Closes: #773577, CVE-2014-8132)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---