From: Salvatore Bonaccorso <[email protected]>
To: Debian Bug Tracking System <[email protected]>
Date: Wed, 06 May 2015 06:54:58 +0200
X-Debian-PR-Message: report 784404

Source: libssh
Version: 0.5.4-1
Severity: important
Tags: security upstream fixed-upstream

Hi,

the following vulnerability was published for libssh.

CVE-2015-3146[0]:
| null pointer dereference due to a logical error in the handling of a
| SSH_MSG_NEWKEYS and KEXDH_REPLY packets

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3146
[1] https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/

Regards,
Salvatore

