Your message dated Sat, 21 Nov 2015 21:23:20 +0000
with message-id <[email protected]>
and subject line Bug#784404: fixed in libssh 0.6.3-4.2
has caused the Debian Bug report #784404,
regarding libssh: CVE-2015-3146: null pointer dereference due to a logical 
error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
784404: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784404
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libssh
Version: 0.5.4-1
Severity: important
Tags: security upstream fixed-upstream

the following vulnerability was published for libssh.

CVE-2015-3146[0]:
| null pointer dereference due to a logical error in the handling of a
| SSH_MSG_NEWKEYS and KEXDH_REPLY packets

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3146
[1] https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libssh
Source-Version: 0.6.3-4.2

We believe that the bug you reported is fixed in the latest version of
libssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christopher Knadle <[email protected]> (supplier of updated libssh 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 16 Nov 2015 04:26:51 -0500
Source: libssh
Binary: libssh-4 libssh-gcrypt-4 libssh-dev libssh-gcrypt-dev libssh-dbg 
libssh-doc
Architecture: all source
Version: 0.6.3-4.2
Distribution: unstable
Urgency: medium
Maintainer: Laurent Bigonville <[email protected]>
Changed-By: Christopher Knadle <[email protected]>
Closes: 784404
Description: 
 libssh-4   - tiny C SSH library (OpenSSL flavor)
 libssh-dbg - tiny C SSH library. Debug symbols
 libssh-dev - tiny C SSH library. Development files (OpenSSL flavor)
 libssh-doc - tiny C SSH library. Documentation files
 libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor)
 libssh-gcrypt-dev - tiny C SSH library. Development files (gcrypt flavor)
Changes:
 libssh (0.6.3-4.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * debian/patches: Add 0002_CVE-2015-3146.patch from 0.6.5 release upstream
     (Closes: #784404)
Checksums-Sha1: 
 2b8f70013f56876f807bc572e2c74a5179594d42 2430 libssh_0.6.3-4.2.dsc
 edac78dcb50d15500e61ea58c0d3acbf3e853d26 18904 libssh_0.6.3-4.2.debian.tar.xz
 10e0231853d18b44d1549565feda76a35f45baf0 264744 libssh-doc_0.6.3-4.2_all.deb
Checksums-Sha256: 
 555679be7199d5ffd6255a96a5579b006784d3cc2afb0810dad3a5131be6e600 2430 
libssh_0.6.3-4.2.dsc
 1f6e3f8c39a00ed6cf3aef4c3351c4518f732aa05e74bd23d3524d5acf2572ac 18904 
libssh_0.6.3-4.2.debian.tar.xz
 fc10401277bc8432f13dc189b0129c07bf1c668a343b8e5d3cc16430ce4997bc 264744 
libssh-doc_0.6.3-4.2_all.deb
Files: 
 b5186b570210d5ca39bffa588f0fd597 2430 libs optional libssh_0.6.3-4.2.dsc
 413e658cf54e2a44af0839ed5efff627 18904 libs optional 
libssh_0.6.3-4.2.debian.tar.xz
 7f6cc445de1730b387f982722ae3a095 264744 doc optional 
libssh-doc_0.6.3-4.2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJWSi+iXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXREMUUxMzE2RTkzQTc2MEE4MTA0RDg1RkFC
QjNBNjgwMTg2NDlBQTA2AAoJELs6aAGGSaoGgToP/0i/hLZwO6/FbZAKltDAfJpf
2W/pkknEG1MJ32tVCoSgOpIfU//ML5QBDlwYKzQwfrMef9DcBrjPLAJmYLBw/R6j
ll5CBnn7JNcrxYyBHQ16ggtSAIeQvK5PixmIDqSkm7lbdSOCBt+oHnuPMnlNVfFW
9hPON+ibM9Q8QLes9ZjMAuLqVcBpkeiW9X/iPYqTL52UJ9DwLMFThDvdEWIlrC5S
K+Y+K9NN9r1xqQouLMBS73kWxontkdY2XUCCs9K82hBtklJMPiwj0Znh3/fAmDtq
2sLAbkkmGWC02VgePocubxqL91aOQ3t4m8U5T6DSPeDglutC8ydsPxki2wR0HCKC
9wXrZNCEtXP73IdyBgu4Iipsc/8E2Zrx71ZRlAi+BIMI0gB4grqEfhxbPcLshHEQ
cmJrm3yQPsIK388eLNTHccoxzFjm7CvfDHzuZBjZhQSaYTXFvePrP/8fJx/6f3jW
4Govj68c/wWrK5UvZwh2/WxyTQjwKDyX5rakgpw0czQ3gQYKQDkx6ElmuOvdwZTp
TGJpaEVhyR7eULololNUlZ++j/IMhWppMan/AjZVijPHVNcJwhPYVNjbONqToLI6
1CrhOM9epQHcYb1xnrL56ZnfV20nx307zxzBBJoknVpgBK6CLzw+psWV8m4Vz3uF
zjdKu6go/BKM6w0iO/Zz
=GmZ6
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to