Package: libssh2 / 1.7.0-1+deb9u1
Metadata
Package | Version | Patches format |
---|---|---|
libssh2 | 1.7.0-1+deb9u1 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
0001 Add lgpg error to .pc to facilitate static linking.patch | libssh2.pc.in: 2 1 + 1 - 0 ! | [patch] add -lgpg-error to .pc to facilitate static linking. Note that this patch is Debian-specific as we know that libssh2 is linked to gcrypt. Patching configure.ac to add gpg-error as a dependent library is not good, as it would cause overlinking of libssh2, and there is no separate variable for "static dependencies". All this mess ought to be solved in gcrypt itself by providing .pc file, but it is not. |
0001 Do not expose private libraries to us.patch | libssh2.pc.in: 2 1 + 1 - 0 ! | [patch] do not expose private libraries to users of libssh2. Reported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747417 |
CVE 2019 3855.patch | src/transport.c: 6 6 + 0 - 0 ! | possible integer overflow in transport read allows out-of-bounds write |
CVE 2019 3856.patch | src/userauth.c: 7 7 + 0 - 0 ! | possible integer overflow in keyboard interactive handling allows out-of-bounds write |
CVE 2019 3857.patch | include/libssh2.h: 12 12 + 0 - 0 ! | possible integer overflow leading to zero-byte allocation and out-of-bounds write |
CVE 2019 3858.patch | src/sftp.c: 4 4 + 0 - 0 ! | possible zero-byte allocation leading to an out-of-bounds read |
CVE 2019 3859.patch | src/channel.c: 26 22 + 4 - 0 ! | out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev |
CVE 2019 3860.patch | src/sftp.c: 309 252 + 57 - 0 ! | out-of-bounds reads with specially crafted sftp packets |
CVE 2019 3861.patch | src/transport.c: 3 3 + 0 - 0 ! | out-of-bounds reads with specially crafted ssh packets |
CVE 2019 3862.patch | src/packet.c: 14 8 + 6 - 0 ! | out-of-bounds memory comparison |
CVE 2019 3863.patch | src/userauth.c: 13 11 + 2 - 0 ! | integer overflow in user authenticate keyboard interactive allows out-of-bounds writes |
Fixed misapplied patch 327.patch | src/userauth.c: 8 4 + 4 - 0 ! | fixed misapplied patch (#327) |
moved MAX size declarations 330.patch | include/libssh2.h: 12 0 + 12 - 0 ! | moved max size declarations #330 |