[ubuntu/cosmic-security] libssh 0.8.1-1ubuntu0.3 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Nov 29 14:37:03 UTC 2018

libssh (0.8.1-1ubuntu0.3) cosmic-security; urgency=medium

  * SECURITY REGRESSION: fix multiple regressions (LP: #1805348)
    - debian/patches/CVE-2018-10933-regression.patch: set correct state
      after sending INFO_REQUEST in src/server.c.
    - debian/patches/CVE-2018-10933-regression2.patch: add missing break in
    - debian/patches/CVE-2018-10933-regression3.patch: set correct state
      after sending GSSAPI_RESPONSE in src/gssapi.c.

libssh (0.8.1-1ubuntu0.2) cosmic-proposed; urgency=medium

  * Fix regressions with known_host parsing: ssh_session_is_known_server()
    sometimes fails with SSH_SERVER_FOUND_OTHER if known_hosts contains
    multiple key types for the target host. (LP: #1799665)
  * Also backport fixes for some related bugs:
    - Use all supported hostkey algorithms for negotiation
    - Honor more host key algorithms than the first one (ssh-ed25519)
    - Use the correct name for ECDSA keys for host key negotiation

Date: 2018-11-27 16:23:12.905233+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Cosmic-changes mailing list