Debian Patches

Status for libssh/0.10.6-0+deb12u2

Patch Description Author Forwarded Bugs Origin Last update
0001-Fix-regression-in-IPv6-addresses-in-hostname-parsing.patch [PATCH 1/2] Fix regression in IPv6 addresses in hostname parsing
(cherry picked from commit 4f997aee7c7d7ea346b3e8ba505da0b7601ff318)		 Jakub Jelen <jjelen@redhat.com> no 2023-12-22
0002-tests-Increase-test-coverage-for-IPv6-address-parsin.patch [PATCH 2/2] tests: Increase test coverage for IPv6 address parsing as hostnames

This was an issue in cockpit:

https://github.com/cockpit-project/cockpit/issues/19772

(cherry picked from commit 6f6e453d7b0ad4ee6a6f6a1c96a9a6b27821410d)		 Jakub Jelen <jjelen@redhat.com> no 2023-12-22
0003-CVE-2025-4877-base64-Prevent-integer-overflow-and-po.patch [PATCH 3/8] CVE-2025-4877 base64: Prevent integer overflow and potential OOB

Set maximum input to 256MB to have safe margin to the 1GB trigger point
for 32b arch.

The OOB should not be reachable by any internal code paths as most of
the buffers and strings we use as input for this operation already have
similar limit and none really allows this much of data.

(cherry picked from commit 00f09acbec55962839fc7837ef14c56fb8fbaf72)		 Jakub Jelen <jjelen@redhat.com> no 2025-04-15
0004-CVE-2025-5318-sftpserver-Fix-possible-buffer-overrun.patch [PATCH 4/8] CVE-2025-5318: sftpserver: Fix possible buffer overrun

(cherry-picked from commit 5f4ffda88770f95482f)		 Jakub Jelen <jjelen@redhat.com> no 2025-04-22
0005-CVE-2025-4878-legacy-Properly-check-return-value-to-.patch [PATCH 5/8] CVE-2025-4878 legacy: Properly check return value to avoid NULL pointer dereference


(cherry-picked from commit b35ee876adc92a208)		 Jakub Jelen <jjelen@redhat.com> no 2025-04-28
0006-CVE-2025-5351-pki_crypto-Avoid-double-free-on-low-me.patch [PATCH 6/8] CVE-2025-5351 pki_crypto: Avoid double-free on low-memory conditions


(cherry-picked from commit 6ddb730a273389838)		 Jakub Jelen <jjelen@redhat.com> no 2025-05-06
0007-CVE-2025-5987-libcrypto-Correctly-detect-failures-of.patch [PATCH 7/8] CVE-2025-5987 libcrypto: Correctly detect failures of chacha initialization


(cherry-picked from commit 90b4845e0c98574bb)		 Jakub Jelen <jjelen@redhat.com> no 2025-05-06
0008-CVE-2025-5372-libgcrypto-Simplify-error-checking-and.patch [PATCH 8/8] CVE-2025-5372 libgcrypto: Simplify error checking and handling of return codes in ssh_kdf()


(cherry-picked from commit a9d8a3d44829cf9182b)		 Jakub Jelen <jjelen@redhat.com> no 2025-05-14
1003-custom-lib-names.patch Allow the buildsystem to overwrite libssh's OUTPUT_NAME. Sebastian Ramacher <s.ramacher@gmx.at> no 2012-06-19
2003-disable-expand_tilde_unix-test.patch Disable torture_path_expand_tilde_unix, its not working well on buildd On buildd, the HOME is set to a non-existing directory, this makes
torture_path_expand_tilde_unix fail

===================================================================		 Laurent Bigonville <bigon@debian.org> not-needed
2004-install-static-lib.patch Install the static library again Laurent Bigonville <bigon@debian.org> not-needed
CVE-2025-8114.patch CVE-2025-8114: Fix NULL pointer dereference after allocation failure Andreas Schneider <asn@cryptomilk.org> no 2025-08-06
CVE-2025-8277-1.patch CVE-2025-8277: packet: Adjust packet filter to work when DH-GEX is guessed wrongly

(cherry picked from commit 4310a696f2d632c6742678077d703d9b9ff3bc0e)		 Jakub Jelen <jjelen@redhat.com> no 2025-08-05
CVE-2025-8277-2.patch CVE-2025-8277: Fix memory leak of unused ephemeral key pair after client's wrong KEX guess

(cherry picked from commit ccff22d3787c1355b3f0dcd09fe54d90acc55bf1)		 Francesco Rollo <eferollo@gmail.com> no 2025-07-24
CVE-2025-8277-3.patch CVE-2025-8277: ecdh: Free previously allocated pubkeys
(cherry picked from commit c9d95ab0c7a52b231bcec09afbea71944ed0d852)		 Jakub Jelen <jjelen@redhat.com> no 2025-08-06
CVE-2025-8277-4.patch CVE-2025-8277: mbedtls: Avoid leaking ecdh keys
(cherry picked from commit ffed80f8c078122990a4eba2b275facd56dd43e0)		 Jakub Jelen <jjelen@redhat.com> no 2025-08-06

All known versions for source package 'libssh'

Links