Ubuntu
libssh2 package

Change log for libssh2 package in Ubuntu

148 of 48 results FirstPreviousNextLast
Published in oracular-release
Deleted in oracular-proposed (Reason: Moved to oracular) 
libssh2 (1.11.0-5) unstable; urgency=medium

  * Mark builddep openssh-server with <!nocheck> (Closes: #1066111)
  * d/copyright add missing license and author in src/bcrypt_pbkdf.c
    and add missing author in src/blowfish.c (Closes: #1071566)
  * d/control: upgrade standards version to 4.7.0
  * d/patches: Add mention Forwarded to patches

 -- Nicolas Mora <email address hidden>  Thu, 25 Apr 2024 07:35:58 -0400
Superseded in oracular-release
Published in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
libssh2 (1.11.0-4.1build2) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- Steve Langasek <email address hidden>  Sun, 31 Mar 2024 07:59:27 +0000
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
libssh2 (1.11.0-4.1build1) noble; urgency=medium

  * No-change rebuild against libssl3t64

 -- Steve Langasek <email address hidden>  Mon, 04 Mar 2024 18:28:36 +0000
Superseded in noble-proposed 
libssh2 (1.11.0-4.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Rename libraries for 64-bit time_t transition.  Closes: #1062637

 -- Graham Inggs <email address hidden>  Wed, 28 Feb 2024 19:03:07 +0000

Available diffs

Published in mantic-updates
Published in mantic-security 
libssh2 (1.11.0-2ubuntu0.1) mantic-security; urgency=medium

  * SECURITY UPDATE: Prefix truncation attack on BPP
    - debian/patches/CVE-2023-48795.patch: implement "strict key exchange"
      in src/kex.c, src/libssh2_priv.h, src/packet.c, src/packet.h,
      src/session.c, src/transport.c.
    - CVE-2023-48795

 -- Marc Deslauriers <email address hidden>  Wed, 10 Jan 2024 12:32:11 -0500
Deleted in noble-updates (Reason: superseded by release)
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
libssh2 (1.11.0-4) unstable; urgency=medium

  * d/patch: Add patch for Terrapin attack
    Fixes CVE-2023-48795 (Closes: #1059005)
  * d/copyright: Update copyright years

 -- Nicolas Mora <email address hidden>  Tue, 19 Dec 2023 17:33:18 -0500

Available diffs

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
libssh2 (1.11.0-3) unstable; urgency=medium

  * d/patch: Backport PR-1241 from upstream (Closes: #1056348)

 -- Nicolas Mora <email address hidden>  Tue, 28 Nov 2023 13:12:56 -0500

Available diffs

Published in bionic-updates
Published in bionic-security 
libssh2 (1.8.0-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: out of bounds memory access
    - debian/patches/CVE-2020-22218.patch: adds check for uninitialized
      variable total_num in _libssh2_transport_read of src/transport.c.
    - CVE-2020-22218

 -- Ian Constantin <email address hidden>  Thu, 14 Sep 2023 12:01:35 +0300
Published in focal-updates
Published in focal-security 
libssh2 (1.8.0-2.1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: out of bounds memory access
    - debian/patches/CVE-2020-22218.patch: adds check for uninitialized
      variable total_num in _libssh2_transport_read of src/transport.c.
    - CVE-2020-22218

 -- Ian Constantin <email address hidden>  Thu, 14 Sep 2023 12:04:15 +0300
Superseded in noble-release
Published in mantic-release
Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic) 
libssh2 (1.11.0-2) unstable; urgency=medium

  * upload to unstable
  * d/patch: re-enable sshd tests (Thanks Paul Howarth)

 -- Nicolas Mora <email address hidden>  Fri, 09 Jun 2023 07:36:08 -0400

Available diffs

Superseded in mantic-release
Published in lunar-release
Obsolete in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
libssh2 (1.10.0-3) unstable; urgency=medium

  * d/patches: Fix ssh2.sh test (Closes: #1006379)
  * d/control: Add openssh-server in Build-Depends
  * d/tests/control: Add openssh-server in Depends
  * d/copyright: Update copyright years

 -- Nicolas Mora <email address hidden>  Tue, 01 Mar 2022 19:23:12 -0500
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
libssh2 (1.10.0-2build1) jammy; urgency=medium

  * No-change rebuild against openssl3

 -- Simon Chopin <email address hidden>  Tue, 23 Nov 2021 17:59:14 +0100
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
libssh2 (1.10.0-2) unstable; urgency=medium

  * Upload to unstable
  * d/control: upgrade standards version to 4.6.0

 -- Nicolas Mora <email address hidden>  Sat, 25 Sep 2021 08:43:37 -0400

Available diffs

Superseded in jammy-release
Obsolete in impish-release
Deleted in impish-proposed (Reason: Moved to impish) 
libssh2 (1.9.0-3) unstable; urgency=medium

  * d/rules: Build with openssl instead of libgcrypt (Closes: #668271)
  * d/tests: Build with openssl instead of libgcrypt

 -- Nicolas Mora <email address hidden>  Sat, 27 Mar 2021 08:21:05 -0400

Available diffs

Superseded in impish-release
Obsolete in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release) 
libssh2 (1.9.0-2) unstable; urgency=medium

  * d/control: Fix VCS URIs
  * d/control: add zlib1g-dev as dependency for libssh2-1-dev

 -- Nicolas Mora <email address hidden>  Mon, 14 Dec 2020 10:02:16 -0500

Available diffs

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release) 
libssh2 (1.9.0-1) unstable; urgency=low

  [ Mikhail Gusarov ]
  * New upstream release (1.9.0) (Closes: #887976 #959881)
    - Drop patches applied upstream:
      - ced924b78a40126606797ef57a74066eb3b4b83f.patch
      - CVE-2019-3855.patch
      - CVE-2019-3856.patch
      - CVE-2019-3857.patch
      - CVE-2019-3858.patch
      - CVE-2019-3859.patch
      - CVE-2019-3860.patch
      - CVE-2019-3861.patch
      - CVE-2019-3862.patch
      - CVE-2019-3863.patch
      - Fixed-misapplied-patch-327.patch
      - moved-MAX-size-declarations-330.patch
    - Fixes CVE-2019-13115 (Closes: #932329).
  * Acknowledge NMU 1.8.0-2.1, thanks to carnil@.
  * Add debian/patches/CVE-2019-17498.patch, fixing CVE-2019-17498
    (Closes: #943562).
  * debian/copyright: Update upstream link to be https (Closes: #923088)

  [ Nicolas Mora ]
  * New maintainer (Closes: #975617)
  * d/control: Update Standards-Version to 4.5.1
  * d/control: Uses debhelper-compat to version 13
  * d/control: Adds Rules-Requires-Root: no
  * d/watch : upgrade version to 4 (no changes)
  * d/upstream: Add metadata file
  * d/tests: add autopkgtests
  * d/control: Add VCS URIs

 -- Nicolas Mora <email address hidden>  Sat, 05 Dec 2020 16:15:24 -0500
Superseded in hirsute-release
Obsolete in groovy-release
Published in focal-release
Obsolete in eoan-release
Deleted in eoan-proposed (Reason: moved to release) 
libssh2 (1.8.0-2.1build1) eoan; urgency=medium

  * No-change upload with strops.h and sys/strops.h removed in glibc.

 -- Matthias Klose <email address hidden>  Thu, 05 Sep 2019 11:00:41 +0000
Superseded in eoan-release
Obsolete in disco-release
Deleted in disco-proposed (Reason: moved to release) 
libssh2 (1.8.0-2.1) unstable; urgency=high

  * Non-maintainer upload.
  * Possible integer overflow in transport read allows out-of-bounds write
    (CVE-2019-3855) (Closes: #924965)
  * Possible integer overflow in keyboard interactive handling allows
    out-of-bounds write (CVE-2019-3856) (Closes: #924965)
  * Possible integer overflow leading to zero-byte allocation and
    out-of-bounds write (CVE-2019-3857) (Closes: #924965)
  * Possible zero-byte allocation leading to an out-of-bounds read
    (CVE-2019-3858) (Closes: #924965)
  * Out-of-bounds reads with specially crafted payloads due to unchecked use
    of _libssh2_packet_require and _libssh2_packet_requirev (CVE-2019-3859)
    (Closes: #924965)
  * Out-of-bounds reads with specially crafted SFTP packets (CVE-2019-3860)
    (Closes: #924965)
  * Out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)
    (Closes: #924965)
  * Out-of-bounds memory comparison (CVE-2019-3862) (Closes: #924965)
  * Integer overflow in user authenicate keyboard interactive allows
    out-of-bounds writes (CVE-2019-3863) (Closes: #924965)
  * Fixed misapplied patch for user auth.
  * moved MAX size declarations

 -- Salvatore Bonaccorso <email address hidden>  Sun, 31 Mar 2019 16:06:20 +0200

Available diffs

Published in trusty-updates
Published in trusty-security 
libssh2 (1.4.3-2ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Buffer overrun
    - debian/patches/CVE-2015-1782.patch: kex: bail out on rubbish in the
      incoming packet
    - CVE-2015-1782

 -- Mike Salvatore <email address hidden>  Thu, 14 Feb 2019 09:23:46 -0500
Superseded in disco-release
Obsolete in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release) 
libssh2 (1.8.0-2) unstable; urgency=low

  * Add missing zlib1g-dev dependency (Closes: #900558).
  * Remove manual -dbg package and corresponding override in d/rules.
  * Update Homepage, copyright and tarball download URL to use https.
  * Clean spurious EOL whitespace from d/changelog.
  * Add signature check to debian/watch.
  * Update debhelper compatibility (and dependency).
  * Remove no longer needed explicit dh --parallel flag
  * Enable full hardening mode.
  * Update packaging copyright years.
  * Bump Standards-Version.

 -- Mikhail Gusarov <email address hidden>  Sat, 23 Jun 2018 21:45:38 +0200

Available diffs

Superseded in cosmic-release
Published in bionic-release
Obsolete in artful-release
Deleted in artful-proposed (Reason: moved to release) 
libssh2 (1.8.0-1) unstable; urgency=low

  * New upstream release.
    - Refresh 0001-Add-lgpg-error-to-.pc-to-facilitate-static-linking.patch
    - Refresh 0001-Do-not-expose-private-libraries-nor-link-flags-to-us.patch
    - Take ced924b78a40126606797ef57a74066eb3b4b83f.patch from upstream
  * Do not build against OpenSSL even if libssl-dev is installed
    (Closes: #857793).

 -- Mikhail Gusarov <email address hidden>  Thu, 16 Mar 2017 00:56:58 +0100
Superseded in trusty-updates
Superseded in trusty-security 
libssh2 (1.4.3-2ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Generated secrets too short during key exchange
    (LP: #1664812).
    - debian/patches/CVE-2016-0787.patch: convert bytes to bits in random
      number generation. Based on upstream patch.
    - CVE-2016-0787

 -- Brian Morton <email address hidden>  Thu, 16 Feb 2017 11:47:00 -0500
Published in precise-updates
Published in precise-security 
libssh2 (1.2.8-2ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: Generated secrets too short during key exchange
    (LP: #1664812).
    - debian/patches/CVE-2016-0787.patch: convert bytes to bits in random
      number generation. Based on upstream patch.
    - CVE-2016-0787

 -- Brian Morton <email address hidden>  Thu, 16 Feb 2017 16:15:00 -0500
Superseded in artful-release
Obsolete in zesty-release
Deleted in zesty-proposed (Reason: moved to release) 
libssh2 (1.7.0-1ubuntu1) zesty; urgency=medium

  * SECURITY UPDATE: Generated secrets too short during key exchange
    (LP: #1664812).
    - debian/patches/CVE-2016-0787.patch: convert bytes to bits in random
      number generation. Based on upstream patch.
    - CVE-2016-0787

 -- Brian Morton <email address hidden>  Tue, 14 Feb 2017 22:51:13 -0500
Published in xenial-updates
Published in xenial-security 
libssh2 (1.5.0-2ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Generated secrets too short during key exchange
    (LP: #1664812).
    - debian/patches/CVE-2016-0787.patch: convert bytes to bits in random
      number generation. Based on upstream patch.
    - CVE-2016-0787

 -- Brian Morton <email address hidden>  Tue, 14 Feb 2017 23:33:00 -0500
Obsolete in yakkety-updates
Obsolete in yakkety-security 
libssh2 (1.7.0-1ubuntu0.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: Generated secrets too short during key exchange
    (LP: #1664812).
    - debian/patches/CVE-2016-0787.patch: convert bytes to bits in random
      number generation. Based on upstream patch.
    - CVE-2016-0787

 -- Brian Morton <email address hidden>  Tue, 14 Feb 2017 22:51:13 -0500
Superseded in zesty-release
Obsolete in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release) 
libssh2 (1.7.0-1) unstable; urgency=low

  * New upstream release(Closes: #825097).
    - Refresh patches.
  * Bump Standards-Version, no changes required.

 -- Mikhail Gusarov <email address hidden>  Fri, 22 Jul 2016 09:05:27 +0200

Available diffs

Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release) 
libssh2 (1.5.0-2.1) unstable; urgency=medium

  * Non-maintainer upload.
  * CVE-2016-0787: bits/bytes confusion resulting in truncated
    Diffie-Hellman secret length (Closes: #815662)

 -- Salvatore Bonaccorso <email address hidden>  Tue, 23 Feb 2016 20:22:46 +0100

Available diffs

Superseded in yakkety-release
Published in xenial-release
Obsolete in wily-release
Deleted in wily-proposed (Reason: moved to release) 
libssh2 (1.5.0-2) unstable; urgency=medium


  * Fix ABI by linking to gcrypt again (Closes: #781507)

 -- Mikhail Gusarov <email address hidden>  Mon, 30 Mar 2015 11:43:48 +0200

Available diffs

Superseded in wily-release
Obsolete in vivid-release
Deleted in vivid-proposed (Reason: moved to release) 
libssh2 (1.4.3-4.1) unstable; urgency=high


  * Non-maintainer upload by the Security Team.
  * Add 0003-CVE-2015-1782.patch.
    CVE-2015-1782: Using SSH_MSG_KEXINIT data unbounded. (Closes: #780249)

 -- Salvatore Bonaccorso <email address hidden>  Wed, 11 Mar 2015 12:08:30 +0100

Available diffs

Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release) 
libssh2 (1.4.3-4) unstable; urgency=low


  * Update description to mention SFTPv5 support
    (Closes: #671199).
  * Add -lgpg-error to .pc file to fix static linking against libgcrypt
    (Closes: #760359).

 -- Mikhail Gusarov <email address hidden>  Wed, 03 Sep 2014 15:49:23 +0200

Available diffs

Superseded in vivid-release
Obsolete in utopic-release
Deleted in utopic-proposed (Reason: moved to release) 
libssh2 (1.4.3-3) unstable; urgency=low


  * Do not expose private libraries nor link flags to users of libssh2
    (Closes: #747417).
  * Rebuild with libgcrypt20 (Closes: #744829).
  * Fix typos in manpages.
  * Bump Standards-Version, no changes required.

 -- Mikhail Gusarov <email address hidden>  Mon, 19 May 2014 10:23:27 +0200

Available diffs

Superseded in utopic-release
Published in trusty-release
Deleted in trusty-proposed (Reason: moved to release) 
libssh2 (1.4.3-2) unstable; urgency=medium


  * Make package multi-arch-aware (Closes: #731310).
  * Bump Standards-Version, no changes required.

 -- Mikhail Gusarov <email address hidden>  Wed, 04 Dec 2013 21:29:00 +0100

Available diffs

Superseded in trusty-release
Obsolete in saucy-release
Deleted in saucy-proposed (Reason: moved to release) 
libssh2 (1.4.3-1) unstable; urgency=low


  * New upstream release.
    - Drop debian/patches/with-gcrypt.patch, applied upstream.
  * Incorporate 1.4.2-1.1 NMU by Dmitry. Thanks!

 -- Mikhail Gusarov <email address hidden>  Tue, 21 May 2013 12:09:00 +0200

Available diffs

Superseded in saucy-release
Obsolete in raring-release
Obsolete in quantal-release 
libssh2 (1.4.2-1.1) unstable; urgency=medium


  * Non-maintainer upload.
  * Added patch to fix pkg-config/libgcrypt dependency (Closes: #675785).
  * Install upstream ChangeLog (Closes: #675782).
  * debian/control:
    + libssh2-1-dev to depend on libgcrypt11-dev.
    + added Homepage field.

 -- Dmitry Smirnov <email address hidden>  Sat, 04 Aug 2012 19:13:21 +1000

Available diffs

Superseded in quantal-release 
libssh2 (1.4.2-1) unstable; urgency=low


  * New upstream release.

 -- Mikhail Gusarov <email address hidden>  Mon, 28 May 2012 17:41:48 +0200

Available diffs

Superseded in quantal-release 
libssh2 (1.4.1-1) unstable; urgency=low


  * New upstream release.
    - Drop debian/patches/undefined-libssh-error.patch, upstream.

 -- Mikhail Gusarov <email address hidden>  Sun, 08 Apr 2012 16:39:12 +0200

Available diffs

Superseded in quantal-release
Published in precise-release 
libssh2 (1.2.8-2) unstable; urgency=low

  * Fix version in pkg-config file (Closes: #637670).
 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  17 Oct 2011 11:11:04 +0000

Available diffs

Superseded in precise-release
Obsolete in oneiric-release 
libssh2 (1.2.8-1) unstable; urgency=low

  * New upstream release.

Available diffs

Superseded in oneiric-release
Obsolete in natty-release
Obsolete in maverick-release 
libssh2 (1.2.6-1) unstable; urgency=low

  * New upstream release.
    - Update symbols file. libssh2_error and libssh2_kex_exchange symbols
      were unexported, being private.
  * Simplify package description (Closes: #580325).
  * Update Maintainer field to use my @debian.org address.
  * Convert debian/copyright to machine-readable format.
 -- Ubuntu Archive Auto-Sync <email address hidden>   Fri,  11 Jun 2010 08:34:54 +0100

Available diffs

Superseded in maverick-release 
libssh2 (1.2.5-1) unstable; urgency=low

  * New upstream release.
    - Update symbols file.
  * Convert to source format 3.0 (quilt)
  * Bump Standards-Version to 3.8.4, no changes needed.

Available diffs

Superseded in maverick-release
Obsolete in lucid-release 
libssh2 (1.2.2-1) unstable; urgency=low
  
  * New upstream release.

  * Run autoreconf during build to update libtool/automake/autoconf
    generated files (Closes: #558523).
    - Expand list of files to stash before build and to restore after.

  * Remove disable_example_compilation.patch, example compilation does not
    hurt anyone.
    - Remove quilt from Build-Depends,
    - Stop call patch/unpatch in debian/rules,
    - Remove README.source.
 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  05 Jan 2010 00:31:47 +0000

Available diffs

Superseded in lucid-release 
libssh2 (1.2.1-2) unstable; urgency=low

  * Install libssh2.pc (Closes: #554437)
 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  17 Nov 2009 17:46:19 +0000

Available diffs

Superseded in lucid-release 
libssh2 (1.2.1-1) unstable; urgency=low

  * debian/watch:
    - update to match changed upstream download location.
  * debian/rules:
    - adjust "keep files" list in order to produce clean .diff.gz
    - avoid installing .gitignore alongside the examples
    - stylistic fixes
  * debian/control:
    - bump Standards-Version, no changes required.

Available diffs

Superseded in lucid-release
Obsolete in karmic-release 
libssh2 (1.1-1) unstable; urgency=low

  * New upstream release.
    - Dropped unexport-private-symbols.patch, applied upstream.
    - Dropped fix_manpage.patch, applied upstream.
    - Lots of private symbols were un-exported, adjusting
      libssh2-1.symbols
  * Updating Standards-Version to 3.8.1, no changes required.

Available diffs

Superseded in karmic-release
Obsolete in jaunty-release
Obsolete in intrepid-release
Obsolete in hardy-release 
libssh2 (0.18-1) unstable; urgency=low

  * New upstream release
    - Removed 'CVS directories in tarball' lintian override.
  
  - Added patch fixing the syntactic errors in manpages.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  19 Nov 2007 14:08:36 +0000
Superseded in hardy-release 
libssh2 (0.17-1) unstable; urgency=low

  * New upstream release (Closes: #409362, #430569):
    * ABI change: soname changed (adding Conflicts and Replaces to new
      -dev package)
    * installing more documentation.
    * added lintian override: CVS directory accidentally went in release
      tarball.
  * Build using libgcrypt, not OpenSSL (Closes: #409362).
  * Quilt introduced to manage patches:
    * Added patch disabling compilation of example.
  * Watch file added.
  * ${Source-Version} changed to ${binary:Version}: makes lintian happy
    and allows binNMUs.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  23 Oct 2007 17:25:41 +0100
Superseded in hardy-release
Obsolete in gutsy-release 
libssh2 (0.14+20070102-1) unstable; urgency=low

  * Initial release (Closes: #403446).

 -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  02 May 2007 14:08:15 +0100
148 of 48 results FirstPreviousNextLast