Debian Patches

Status for libssh2/1.9.0-2+deb11u1

Patch Description Author Forwarded Bugs Origin Last update
CVE-2020-22218.patch Fix CVE-2020-22218 Nicolas Mora <babelouest@debian.org> not-needed
manpage.patch Fix typo Nicolas Mora <babelouest@debian.org> not-needed
0001-Add-lgpg-error-to-.pc-to-facilitate-static-linking.patch [PATCH] Add -lgpg-error to .pc to facilitate static linking
Note that this patch is Debian-specific as we know that libssh2 is linked
to gcrypt.

Patching configure.ac to add gpg-error as a dependent library is not good, as it
would cause overlinking of libssh2, and there is no separate variable for
"static dependencies".

All this mess ought to be solved in gcrypt inself by providing .pc file,
but it is not.
Mikhail Gusarov <dottedmag@dottedmag.net> no 2014-09-03
0001-Do-not-expose-private-libraries-nor-link-flags-to-us.patch [PATCH] Do not expose private libraries nor link flags to users of libssh2

Reported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747417
Mikhail Gusarov <dottedmag@dottedmag.net> no 2014-05-19
CVE-2019-17498.patch [PATCH] packet.c: improve message parsing (#402)
* packet.c: improve parsing of packets


notes:
Use _libssh2_get_string API in SSH_MSG_DEBUG/SSH_MSG_DISCONNECT. Additional uint32 bounds check in SSH_MSG_GLOBAL_REQUEST.
Will Cosgrove <will@panic.com> no 2019-08-30

All known versions for source package 'libssh2'

Links