[ubuntu-hardened] LibSSH2 vulns
Seth Arnold
seth.arnold at canonical.com
Tue Feb 14 07:23:14 UTC 2017
On Mon, Feb 13, 2017 at 10:44:06PM -0500, Brian Morton wrote:
> LibSSH2 is clearly affected by CVE-2016-0787 which should be a trivial fix.
> However after a careful review of the code, I believe the package is NOT
> affected by CVE-2016-0739. That appears to only affect libssh. Can anyone
> confirm/deny? I think the CVE notice for 2016-0739 should be updated to
Hi Brian, thanks for working on this. I couldn't find any code in libssh2
that looked remotely like the patch we used for CVE-2016-0739 in libssh.
Have those algorithms been removed entirely in libssh2?
> Once this is confirmed I'll package a fix for 2016-0787 by itself.
Excellent!
Thanks