Change logs for libssh2 source package in Disco
-
libssh2 (1.8.0-2.1) unstable; urgency=high * Non-maintainer upload. * Possible integer overflow in transport read allows out-of-bounds write (CVE-2019-3855) (Closes: #924965) * Possible integer overflow in keyboard interactive handling allows out-of-bounds write (CVE-2019-3856) (Closes: #924965) * Possible integer overflow leading to zero-byte allocation and out-of-bounds write (CVE-2019-3857) (Closes: #924965) * Possible zero-byte allocation leading to an out-of-bounds read (CVE-2019-3858) (Closes: #924965) * Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (CVE-2019-3859) (Closes: #924965) * Out-of-bounds reads with specially crafted SFTP packets (CVE-2019-3860) (Closes: #924965) * Out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861) (Closes: #924965) * Out-of-bounds memory comparison (CVE-2019-3862) (Closes: #924965) * Integer overflow in user authenicate keyboard interactive allows out-of-bounds writes (CVE-2019-3863) (Closes: #924965) * Fixed misapplied patch for user auth. * moved MAX size declarations -- Salvatore Bonaccorso <email address hidden> Sun, 31 Mar 2019 16:06:20 +0200
-
libssh2 (1.8.0-2) unstable; urgency=low * Add missing zlib1g-dev dependency (Closes: #900558). * Remove manual -dbg package and corresponding override in d/rules. * Update Homepage, copyright and tarball download URL to use https. * Clean spurious EOL whitespace from d/changelog. * Add signature check to debian/watch. * Update debhelper compatibility (and dependency). * Remove no longer needed explicit dh --parallel flag * Enable full hardening mode. * Update packaging copyright years. * Bump Standards-Version. -- Mikhail Gusarov <email address hidden> Sat, 23 Jun 2018 21:45:38 +0200