libssh (0.5.2-1ubuntu0.12.04.6) precise-security; urgency=medium * SECURITY UPDATE: denial of service via incorrect SSH_MSG_NEWKEYS and KEXDH_REPLY packet handling - debian/patches/CVE-2015-3146.patch: fix state validation in src/client.c, src/server.c, src/buffer.c. - CVE-2015-3146 * SECURITY UPDATE: weakness in diffie-hellman secret key generation - debian/patches/CVE-2016-0739.patch: fix bits/bytes confusion bug in src/dh.c. - CVE-2016-0739 -- Marc Deslauriers Tue, 23 Feb 2016 07:36:38 -0500 libssh (0.5.2-1ubuntu0.12.04.4) precise-security; urgency=medium * SECURITY UPDATE: denial of service via crafted kexinit packet - debian/patches/CVE-2014-8132.patch: properly set slots to NULL in src/kex.c. - CVE-2014-8132 -- Marc Deslauriers Wed, 07 Jan 2015 12:05:17 -0500 libssh (0.5.2-1ubuntu0.12.04.3) precise-security; urgency=medium * SECURITY UPDATE: PRNG state reuse on forking servers - debian/patches/CVE-2014-0017.patch: force reseed after fork in include/libssh/wrapper.h, src/bind.c, src/libcrypto.c, src/libgcrypt.c. - CVE-2014-0017 -- Marc Deslauriers Mon, 10 Mar 2014 09:58:25 -0400 libssh (0.5.2-1ubuntu0.12.04.2) precise-security; urgency=low * SECURITY UPDATE: denial of service via NULL dereference - debian/patches/CVE-2013-0176.patch: properly handle client that doesn't send a matching key in src/server.c. - CVE-2013-0176 -- Marc Deslauriers Fri, 25 Jan 2013 13:43:46 -0500 libssh (0.5.2-1ubuntu0.12.04.1) precise-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via multiple double free flaws - debian/patches/CVE-2012-4559.patch: properly do frees in src/agent.c, src/channels.c, src/sftp.c. - CVE-2012-4559 * SECURITY UPDATE: denial of service and possible code execution via multiple buffer overflows - debian/patches/CVE-2012-4560.patch: properly calculate sizes in src/misc.c. - CVE-2012-4560 * SECURITY UPDATE: denial of service and possible code execution via multiple invalid free flaws - debian/patches/CVE-2012-4561.patch: don't use after free in src/keyfiles.c, properly zero structs in src/keys.c. - CVE-2012-4561 * SECURITY UPDATE: denial of service and possible code execution via multiple improper overflow checks - debian/patches/CVE-2012-4562.patch: do proper overflow checks in src/buffer.c, src/dh.c, src/string.c. - CVE-2012-4562 -- Marc Deslauriers Thu, 22 Nov 2012 14:03:19 -0500 libssh (0.5.2-1) unstable; urgency=low * New upstream release - Fix bug with ssh_channel_write (Closes: #631950) * debian/watch: Use new tarball location -- Laurent Bigonville Mon, 19 Sep 2011 12:01:26 +0200 libssh (0.5.1-1) unstable; urgency=low * New upstream release (Closes: #637445) * debian/patches/0001-rename-threads-static.patch, debian/patches/0002-Check-for-NULL-pointers-in-string-c.patch: Dropped * debian/rules: - Adjust rule that build documentation * debian/patches/0001-disable-latex-documentation.patch: Disable LaTeX documentation generation (Closes: #622108) * debian/control: Drop texlive-fonts-recommended build-dependency * debian/patches/0002-fix-html-doc-generation.patch: Fix HTML doc generation (LP: #821437) * debian/libssh-doc.doc-base: Refine Title and Files glob -- Laurent Bigonville Fri, 19 Aug 2011 00:46:48 +0200 libssh (0.5.0-2) unstable; urgency=low * debian/patches/0002-Check-for-NULL-pointers-in-string-c.patch: Consolidate patch (Should fix previous REJECT) * Support multiarch spec -- Laurent Bigonville Wed, 15 Jun 2011 15:48:07 +0200 libssh (0.5.0-1) unstable; urgency=low * New upstream release * debian/control: - Bump Standards-Version to 3.9.2 (no further changes) - Fix short description to please lintian * debian/libssh-dev.install: - Remove "static" from the static library name - Install pkg-config file * debian/libssh-4.symbols: Add new symbols to .symbols file * debian/patch/0001-rename-threads-static.patch: Rename libssh_threads_static.so to libssh_threads.so * debian/libssh-4.install, debian/libssh-dev.install, debian/libssh-4.symbols, debian/libssh-4.lintian-overrides: Install libssh_threads library * debian/patches/0002-Check-for-NULL-pointers-in-string-c.patch: Check if string is NULL. -- Laurent Bigonville Fri, 10 Jun 2011 22:47:54 +0200 libssh (0.4.8-2) unstable; urgency=low * Upload to unstable * debian/control: Add texlive-fonts-recommended to Build-Depends-Indep (Closes: #608319) -- Laurent Bigonville Sun, 13 Mar 2011 22:06:00 +0100 libssh (0.4.8-1) experimental; urgency=low * New upstream release * Bump debhelper compatibility to 8 -- Laurent Bigonville Mon, 17 Jan 2011 19:31:47 +0100 libssh (0.4.7-1) experimental; urgency=low * New upstream release - Drop all patches, applied upstream * debian/watch: Fix URL regex -- Laurent Bigonville Tue, 04 Jan 2011 21:24:34 +0100 libssh (0.4.6-1) experimental; urgency=low * New upstream release -- Laurent Bigonville Mon, 13 Dec 2010 23:30:03 +0100 libssh (0.4.5-3) unstable; urgency=low * d/p/0002-socket-Fixed-uninitialized-fd-revents-member.patch: Fix uninitialized memory use (Closes: #606347) -- Laurent Bigonville Sat, 11 Dec 2010 01:33:45 +0100 libssh (0.4.5-2) unstable; urgency=low * Add d/p/0001-socket.c-Fixed-setting-max_fd-which-breaks-ssh_selec.patch: Fix slow response in Remmina SSH (Closes: #599687, LP: #663777) * debian/control: Bump Standards-Version to 3.9.1 (no futher changes) * debian/copyright: Update copyright file to please lintian -- Laurent Bigonville Wed, 20 Oct 2010 20:45:48 +0200 libssh (0.4.5-1) unstable; urgency=low * New upstream release * Bump Standards-Version to 3.9.0 (no further changes) * Move doxygen to Build-Depends-Indep -- Laurent Bigonville Sun, 18 Jul 2010 22:48:10 +0200 libssh (0.4.4-1) unstable; urgency=low * New upstream release - Should fix ~/.ssh directory access (Closes: #582461) -- Laurent Bigonville Mon, 31 May 2010 20:10:56 +0200 libssh (0.4.3-1) unstable; urgency=low * New upstream release - Drop 0001-Fix-symbols-visibility.patch, applied upstream - Update debian/libssh-4.symbols: Add new symbol -- Laurent Bigonville Tue, 18 May 2010 21:06:33 +0200 libssh (0.4.2-1) unstable; urgency=low * New upstream release - 0001-Fix-symbols-visibility.patch: Only export needed symbols - debian/libssh-4.symbols: Update symbols file -- Laurent Bigonville Thu, 25 Mar 2010 13:38:35 +0100 libssh (0.4.1-1) unstable; urgency=low * New upstream release * debian/control: Bump Standards-Version (no further changes) * Use new source package format '3.0 (quilt)' -- Laurent Bigonville Sat, 13 Feb 2010 20:18:18 +0100 libssh (0.4.0-1) unstable; urgency=low * New upstream release. - Bump soname - Adjust .symbols file * Readd static library in -dev package * Let dh_lintian install override file * debian/README.Debian: Update file * debian/rules: Add list-missing rule -- Laurent Bigonville Sat, 12 Dec 2009 14:29:12 +0100 libssh (0.3.4-3) unstable; urgency=low * Add correct Conflicts/Replaces for -dev and -doc packages (Closes: #550996) -- Laurent Bigonville Thu, 15 Oct 2009 09:59:57 +0200 libssh (0.3.4-2) unstable; urgency=low * debian/watch: Update the URL * debian/copyright: Add missing licence for some cmake/Modules files -- Laurent Bigonville Mon, 12 Oct 2009 09:37:03 +0200 libssh (0.3.4-1) unstable; urgency=low * New upstream release (Closes: #467284). - Adjust build-deps and use cmake - Bump soname and adjust .symbols file * debian/control: - Use my debian.org address in Uploaders and takeover the package with Jean-Philippe permission - Use now official Vcs-* field - Use new Homepage field instead of old pseudo-field - Bump Standards-Version to 3.8.3 (no further changes) - Use debug section for -dbg package - Add ${misc:Depends} to please lintian - Remove duplicate section to please lintian * debian/libssh-2-doc.doc-base: Fix doc-base-uses-applications-section * Bump debhelper version to 7 * debian/libssh-dev.install: do not install .la file and static library anymore * debian/libssh-3.lintian-overrides: Update override * debian/copyright: Update copyright file * debian/libssh-3.symbols: Add initial symbols file -- Laurent Bigonville Fri, 09 Oct 2009 21:21:16 +0200 libssh (0.2+svn20070321-4) unstable; urgency=low * debian/control: - Add XS-Vcs-Svn and XS-Vcs-Browser fields. - Change to ${binary:Version} for versionized dependencies. * Add debian/README.Debian to disambiguate the package name -- Laurent Bigonville Fri, 27 Jul 2007 15:00:06 +0200 libssh (0.2+svn20070321-3) unstable; urgency=low * Fix wrong versionized Replaces for -doc package -- Laurent Bigonville Thu, 5 Apr 2007 17:58:27 +0200 libssh (0.2+svn20070321-2) unstable; urgency=low * Split devel package into devel and documentation packages -- Laurent Bigonville Mon, 26 Mar 2007 15:29:51 +0200 libssh (0.2+svn20070321-1) unstable; urgency=low * New svn snapshot: - Fix broken include in include/libssh/server.h (Closes: #410020) - Fix nasty bug in server side code -- Laurent Bigonville Mon, 26 Mar 2007 15:06:40 +0200 libssh (0.2-1) unstable; urgency=low * New upstream release. -- Laurent Bigonville Fri, 29 Dec 2006 07:40:20 +0100 libssh (0.2~rc-1) unstable; urgency=low * Initial release (Closes: #316872) -- Jean-Philippe Garcia Ballester Wed, 20 Dec 2006 23:56:50 +0100