[ubuntu/focal-proposed] libssh 0.9.0-1ubuntu5 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Dec 11 15:00:13 UTC 2019
libssh (0.9.0-1ubuntu5) focal; urgency=medium

  * SECURITY UPDATE: unsanitized location in scp could lead to unwanted
    command execution
    - debian/patches/CVE-2019-14889-1.patch: add tests for SCP client in
      tests/client/CMakeLists.txt, tests/client/torture_scp.c.
    - debian/patches/CVE-2019-14889-2.patch: reformat code in scp/scp.c.
    - debian/patches/CVE-2019-14889-3.patch: log SCP warnings received from
      the server in src/scp.c.
    - debian/patches/CVE-2019-14889-4.patch: add function to quote file
      names in include/libssh/misc.h, src/misc.c.
    - debian/patches/CVE-2019-14889-5.patch: add unit tests for
      ssh_quote_file_name() in tests/unittests/torture_misc.c.
    - debian/patches/CVE-2019-14889-6.patch: don't allow file path longer
      than 32kb in src/scp.c.
    - debian/patches/CVE-2019-14889-7.patch: quote location to be used on
      shell in src/scp.c.
    - CVE-2019-14889

Date: Wed, 11 Dec 2019 09:48:38 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libssh/0.9.0-1ubuntu5
-------------- next part --------------
Format: 1.8
Date: Wed, 11 Dec 2019 09:48:38 -0500
Source: libssh
Architecture: source
Version: 0.9.0-1ubuntu5
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Original-Maintainer: Laurent Bigonville <bigon at debian.org>
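
The changelog above lists three measures: a file-name quoting function, a 32kb cap on paths, and quoting of the location before it reaches the remote shell. The following is an added example, not code from libssh or from the Ubuntu patches, showing one way those measures fit together. The names quote_for_shell(), build_scp_command() and MAX_LOCATION_LEN are hypothetical, and both the single-quote scheme and the "scp -f" command string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LOCATION_LEN (32 * 1024) /* assumption: the changelog's "32kb" */

/* Hypothetical helper (not libssh's ssh_quote_file_name()): wrap src in
 * single quotes for a POSIX shell, rewriting each embedded ' as '\'' .
 * Returns the quoted length, or -1 if src is empty, longer than the cap,
 * or dst cannot hold the worst case. */
int quote_for_shell(const char *src, char *dst, size_t dst_len)
{
    size_t n = strlen(src), out = 0;
    if (n == 0 || n > MAX_LOCATION_LEN)
        return -1;
    /* worst case: every byte is a quote (4 bytes each) + 2 quotes + NUL */
    if (dst_len < 4 * n + 3)
        return -1;

    dst[out++] = '\'';
    for (size_t i = 0; i < n; i++) {
        if (src[i] == '\'') {
            memcpy(dst + out, "'\\''", 4);
            out += 4;
        } else {
            dst[out++] = src[i];
        }
    }
    dst[out++] = '\'';
    dst[out] = '\0';
    return (int)out;
}

/* Build the command string sent to the remote shell, with the location
 * quoted so shell metacharacters in it stay data. Not thread-safe. */
int build_scp_command(const char *location, char *cmd, size_t cmd_len)
{
    static char quoted[4 * MAX_LOCATION_LEN + 3];
    int n;
    if (quote_for_shell(location, quoted, sizeof(quoted)) < 0)
        return -1;
    n = snprintf(cmd, cmd_len, "scp -f %s", quoted);
    return (n < 0 || (size_t)n >= cmd_len) ? -1 : 0;
}

int main(void)
{
    char cmd[256];
    /* constructed input: a location containing a command separator */
    if (build_scp_command("file.txt; touch x", cmd, sizeof(cmd)) == 0)
        puts(cmd);
    return 0;
}
```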