Debian Patches
Status for libssh2/1.11.1-4
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-Add-lgpg-error-to-.pc-to-facilitate-static-linking.patch | Add -lgpg-error to .pc to facilitate static linking Note that this patch is Debian-specific as we know that libssh2 is linked to gcrypt. Patching configure.ac to add gpg-error as a dependent library is not good, as it would cause overlinking of libssh2, and there is no separate variable for "static dependencies". All this mess ought to be solved in gcrypt inself by providing .pc file, but it is not. |
Mikhail Gusarov <dottedmag@dottedmag.net> | not-needed | 2014-09-03 | ||
| cve-2026-7598.patch | userauth.c: username_len bounds checking (#1858) Return errors when username_len will exceed bounds, fix existing bounds check. Credit: [dapickle](https://github.com/dapickle) |
Will Cosgrove <will@panic.com> | yes | 2026-04-13 | ||
| CVE-2025-15661.patch | Update sftp_symlink to avoid out of bounds read on malformed packet #1705 (#1717) | Will Cosgrove <will@panic.com> | no | 2025-10-10 | ||
| CVE-2026-55199.patch | packet: check `_libssh2_get_string()` return in `EXT_INFO` handler | TristanInSec <tristan.mtn@gmail.com> | no | 2026-04-15 | ||
| CVE-2026-55200.patch | transport.c: Additional boundary checks for packet length (#2052) | Will Cosgrove <will@panic.com> | no | 2026-06-12 | ||
| libssh-unconst-backport.patch | Needed by the fix for CVE-2025-15661 Cherrypicked from commit 606c102e52f8447de2b745dd6c5ddf418defc519 |
Viktor Szakats <commit@vsz.me> | no | 2025-01-30 |
All known versions for source package 'libssh2'
- 1.11.1-4 (forky, sid)
- 1.11.1-1+deb13u1 (trixie-security, trixie-proposed-updates)
- 1.11.1-1 (trixie)
- 1.10.0-3 (bookworm)