[ubuntu/cosmic-security] libssh 0.8.1-1ubuntu0.3 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Nov 29 14:37:03 UTC 2018
libssh (0.8.1-1ubuntu0.3) cosmic-security; urgency=medium
* SECURITY REGRESSION: fix multiple regressions (LP: #1805348)
- debian/patches/CVE-2018-10933-regression.patch: set correct state
after sending INFO_REQUEST in src/server.c.
- debian/patches/CVE-2018-10933-regression2.patch: add missing break in
src/packet.c.
- debian/patches/CVE-2018-10933-regression3.patch: set correct state
after sending GSSAPI_RESPONSE in src/gssapi.c.
libssh (0.8.1-1ubuntu0.2) cosmic-proposed; urgency=medium
* Fix regressions with known_host parsing: ssh_session_is_known_server()
sometimes fails with SSH_SERVER_FOUND_OTHER if known_hosts contains
multiple key types for the target host. (LP: #1799665)
* Also backport fixes for some related bugs:
- Use all supported hostkey algorithms for negotiation
- Honor more host key algorithms than the first one (ssh-ed25519)
- Use the correct name for ECDSA keys for host key negotiation
Date: 2018-11-27 16:23:12.905233+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/libssh/0.8.1-1ubuntu0.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Cosmic-changes
mailing list