Control: tags -1 moreinfo confirmed On 2023-05-13 15:49:12 +0200, Martin Pitt wrote: > --- libssh-0.10.4/debian/changelog 2022-09-19 08:41:22.000000000 +0000 > +++ libssh-0.10.5/debian/changelog 2023-05-10 06:00:26.000000000 +0000 > @@ -1,3 +1,26 @@ > +libssh (0.10.5-1) unstable; urgency=high > + > + [ Martin Pitt ] > + * New upstream security release (thus high urgency): > + - Fix authenticated remote DoS through potential NULL dereference during > rekeying > + with algorithm guessing (CVE-2023-1667) > + https://www.libssh.org/security/advisories/CVE-2023-1667.txt > + - Client authentication bypass in pki_verify_data_signature() in > low-memory > + conditions with OpenSSL backend; gcrypt backend is not affected > + https://www.libssh.org/security/advisories/CVE-2023-2283.txt > + (CVE-2023-2283, Closes: #1035832) > + * Bump Standards-Version to 4.6.2. No changes necessary. > + * Drop debian/source/lintian-overrides. It now causes a > "mismatched-override" > + warning, and apparently is not necessary any more. > + * debian/copyright: Drop files which don't exist any more. > + Spotted by lintian's "superfluous-file-pattern" warnings. > + > + [ Debian Janitor ] > + * Bump debhelper from old 12 to 13.
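Review bot: The last quoted entry, under "[ Debian Janitor ]", bumps debhelper from 12 to 13 in the same upload that carries the CVE-2023-1667 and CVE-2023-2283 fixes at urgency=high. A compat-level bump can change how the package is built and is unrelated to the security fixes, so it should be dropped from this upload and done separately. The Standards-Version bump, the debian/source/lintian-overrides removal and the debian/copyright cleanup are also non-security changes riding along in a high-urgency upload, so the changelog should make clear they touch packaging metadata only. Minor style point: the two CVE entries are laid out differently, with the CVE id before the advisory URL in the first and after it, together with "Closes: #1035832", in the second; using one layout makes the entries easier to scan.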
It's too late for debhelper compat bumps. See https://release.debian.org/bookworm/FAQ.html

Please re-upload without that change and remove the moreinfo tag once that happened.

Cheers
--
Sebastian Ramacher