Control: tag -1 pending
Control: notfound -1 0.7.3-2+deb9u2
Control: notfound -1 0.8.1-1~bpo9+1
Control: notfound -1 0.8.7-1+deb10u1

Salvatore Bonaccorso [2021-08-26 22:21 +0200]:
> CVE-2021-3634[0]:
> | Possible heap-buffer overflow when rekeying

Thanks for the report! For unstable/testing I am currently preparing the new upstream 0.9.6 release.

According to the upstream advisory [1] this only affects version ≥ 0.9.1, thus I mark oldstable (buster) and oldoldstable (stretch) as not affected.

For stable-security I'll prepare some backports, of that CVE and the AEAD handshake (and possibly some other important) bugs.

Pitti

[1] https://www.libssh.org/security/advisories/CVE-2021-3634.txt

