[ubuntu/noble-proposed] libssh 0.10.5-3ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Dec 19 15:23:06 UTC 2023 

libssh (0.10.5-3ubuntu2) noble; urgency=medium

  * SECURITY UPDATE: Prefix truncation attack on BPP
    - debian/patches/CVE-2023-48795-1.patch: add client side mitigation.
    - debian/patches/CVE-2023-48795-2.patch: add server side mitigations.
    - debian/patches/CVE-2023-48795-3.patch: strip extensions from both kex
      lists for matching.
    - debian/patches/CVE-2023-48795-4.patch: tests: adjust calculation to
      strict kex.
    - CVE-2023-48795

Date: Mon, 18 Dec 2023 17:18:26 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libssh/0.10.5-3ubuntu2
-------------- next part --------------
Format: 1.8
Date: Mon, 18 Dec 2023 17:18:26 -0500
Source: libssh
Built-For-Profiles: noudeb
Architecture: source
Version: 0.10.5-3ubuntu2
Distribution: noble
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 libssh (0.10.5-3ubuntu2) noble; urgency=medium
 .
   * SECURITY UPDATE: Prefix truncation attack on BPP
     - debian/patches/CVE-2023-48795-1.patch: add client side mitigation.
     - debian/patches/CVE-2023-48795-2.patch: add server side mitigations.
     - debian/patches/CVE-2023-48795-3.patch: strip extensions from both kex
       lists for matching.
     - debian/patches/CVE-2023-48795-4.patch: tests: adjust calculation to
       strict kex.
     - CVE-2023-48795
Checksums-Sha1:
 077304ad53976651c976fbe613022e12ddca8950 2849 libssh_0.10.5-3ubuntu2.dsc
 eef757f6cded145b6a88f3399f7d6adfc2eab798 34528 libssh_0.10.5-3ubuntu2.debian.tar.xz
 eb36b1bd07e0f232c58b54f0402b706214914099 8363 libssh_0.10.5-3ubuntu2_source.buildinfo
Checksums-Sha256:
 88dbd005120cb2f2818a8a1e72722dfd71cb379f9f383e91407709c123d29c74 2849 libssh_0.10.5-3ubuntu2.dsc
 417c45e186d18ff1e6b19ac7248ad69a1b256d4cc72cf1b474a23199e6600c83 34528 libssh_0.10.5-3ubuntu2.debian.tar.xz
 5bb928a4f878456b211eeaa847346ba831593c47b478a62e3ff48e8ca72c5b97 8363 libssh_0.10.5-3ubuntu2_source.buildinfo
Files:
 a7892d186bfbc633706b30273c870674 2849 libs optional libssh_0.10.5-3ubuntu2.dsc
 7f48847bee119fe6abad4267f561257c 34528 libs optional libssh_0.10.5-3ubuntu2.debian.tar.xz
 84b34dd0e6ce0fa8bffbdfe947a4cccd 8363 libs optional libssh_0.10.5-3ubuntu2_source.buildinfo
Original-Maintainer: Laurent Bigonville <bigon at debian.org>

More information about the noble-changes mailing list