Your message dated Sat, 05 Jul 2025 21:30:32 +0000
with message-id <[email protected]>
and subject line unblock libssh
has caused the Debian Bug report #1108459,
regarding unblock: libssh/0.11.2-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1108459: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108459
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:libssh

Please unblock the recent libssh security update in unstable to land in trixie.

[ Reason ]
That fixes a bunch of CVEs (https://bugs.debian.org/1108407,
https://www.libssh.org/2025/06/24/libssh-0-11-2-security-and-bugfix-release/),
plus some good fixes and minor cmake build system cleanups.

[ Impact ]
No API/ABI changes, so this does not affect other packages.

[ Tests ]
The less obvious upstream changes have unit tests, e.g.
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=3443aec90188d
The more obvious or "shallow but mass-scale" changes don't, e.g.
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=6ddb730a273 
or
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=697650caa97

However, there were about 6 reverse-dependency autopkgtests and they all
passed. Unfortunately they disappear from
https://qa.debian.org/excuses.php?package=libssh after passing, I don't know
how to get that list now. But I saw the "in progress" ones yesterday.

[ Risks ]
There are numerous changes, and while I reviewed them they are not 100% risk
free due to sheer size. However, I have some trust in the revdeps autopkgtests.

[ Checklist ]
  [x] all security relevant changes are documented in the d/changelog; I didn't
      enumerate the bug fixes
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
I attach the debdiff as a formality, but it's much easier and more useful to
review the individual upstream commits. They can be seen here:
https://git.libssh.org/projects/libssh.git/log/?h=stable-0.11 all the commits
that were made in the recent days, up to the (previous) libssh-0.11.1 tag.

Thanks,

Martin

Attachment: libssh_0.11.1-2_0.11.2-1.debdiff.gz
Description: application/gzip


--- End Message ---
--- Begin Message ---
Unblocked libssh.

--- End Message ---
