Hi! On Wed, Oct 17, 2018 at 08:29:18AM +0200, Moritz Muehlenhoff wrote: > On Wed, Oct 17, 2018 at 03:57:50AM +0100, Ben Hutchings wrote: > > On Wed, 2018-10-17 at 03:18 +0100, Ben Hutchings wrote: > > > I've pushed backported fixes to a jessie-security branch at < > > > https://salsa.debian.org/debian/libssh>; and uploaded packages to < > > > https://people.debian.org/~benh/packages/jessie-security/>;. > > > > > > The fixes come from the upstream web site, but their version left the > > > test suite broken. I got the test suite to build and pass, but I don't > > > have a great deal of confidence in it. So I would appreciate any > > > suggestions for how to test that the library still works for real > > > applications. (Or, if you prefer, you could test and upload > > > yourselves.) > > > > I also pushed a stretch-security branch with fixes taken from the > > upstream v0-7 branch. Again, the test suite passes but I didn't know > > how to test with real applications. I do *not* intend to upload to > > stretch-security, but can do if you are short of time. > > JFTR, Salvatore has already uploaded a stretch build to security-master.
Yes, but not yet released a DSA, given we would like to expose more testing on it. Regards, Salvatore
