Hi Salvatore,

On  Di 02 Apr 2019 08:48:18 CEST, Salvatore Bonaccorso wrote:

Hi Mike

While working on an update for libssh2 first for buster and stretch
for the recent CVEs I noticed that the libssh2 update might have a
problem with one patch, when I compared with the jessie LTS update.

Upstream did wrongly apply some checks, which resulted
https://github.com/libssh2/libssh2/pull/327 .
Commit:
https://github.com/libssh2/libssh2/commit/165f05ef01a95538b426cc8c90da8accfaa20d01

I have included this commit in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924965#23

And actually a user followed up todayin the bug #924965.

Can you double check if 1.4.3-4.1+deb8u2 for this issue?

Regards,
Salvatore

You are right. The patch from PR #327 applies on top of the current jessie version of libssh2. A regression upload is needed for libssh2 in jessie LTS.

I have built a follow-up revision of the jessie package and will test later today with the PHP example given in #924965 msg-23. (Now, I need to run to an appointment).
http://packages.sunweavers.net/debian/pool/main/libs/libssh2/

Greets,
Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de

Attachment: pgptOsBZJ8Inv.pgp
Description: Digitale PGP-Signatur

Reply via email to