Your message dated Fri, 30 Jan 2015 07:49:23 +0100
with message-id <[email protected]>
and subject line Re: Bug#776615: unblock: libssh/0.6.3-4
has caused the Debian Bug report #776615,
regarding unblock: libssh/0.6.3-4
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
776615: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776615
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Hello,
I've uploaded libssh 0.6.3-4 that contains a security fix for #773577
(CVE-2014-8132).
Please unblock package libssh
unblock libssh/0.6.3-4
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.18.0-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru libssh-0.6.3/debian/changelog libssh-0.6.3/debian/changelog
--- libssh-0.6.3/debian/changelog 2014-08-30 17:31:23.000000000 +0200
+++ libssh-0.6.3/debian/changelog 2015-01-27 00:28:06.000000000 +0100
@@ -1,3 +1,10 @@
+libssh (0.6.3-4) unstable; urgency=medium
+
+ * Add debian/patches/0001_CVE-2014-8132.patch: Fixup error path in
+ ssh_packet_kexinit() (Closes: #773577, CVE-2014-8132)
+
+ -- Laurent Bigonville <[email protected]> Tue, 27 Jan 2015 00:28:01 +0100
+
libssh (0.6.3-3) unstable; urgency=low
[ Sebastian Ramacher ]
diff -Nru libssh-0.6.3/debian/patches/0001_CVE-2014-8132.patch libssh-0.6.3/debian/patches/0001_CVE-2014-8132.patch
--- libssh-0.6.3/debian/patches/0001_CVE-2014-8132.patch 1970-01-01 01:00:00.000000000 +0100
+++ libssh-0.6.3/debian/patches/0001_CVE-2014-8132.patch 2015-01-27 00:28:06.000000000 +0100
@@ -0,0 +1,39 @@
+commit 87ae95eb3c2f35d3e8e00eca43d0711ab2737ef5
+Author: Jon Simons <[email protected]>
+Date: Sat Oct 18 23:23:26 2014 -0700
+
+ CVE-2014-8132: Fixup error path in ssh_packet_kexinit()
+
+ Before this change, dangling pointers can be unintentionally left in the
+ respective next_crypto kex methods slots. Ensure to set all slots to
+ NULL in the error-out path.
+
+ Signed-off-by: Jon Simons <[email protected]>
+ Reviewed-by: Andreas Schneider <[email protected]>
+ (cherry picked from commit 2ced24ddd67a261dc364ad4d8958c068c1671ae7)
+
+diff --git a/src/kex.c b/src/kex.c
+index 563c6a5..fab6bad 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -315,7 +315,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){
+ for (i = 0; i < KEX_METHODS_SIZE; i++) {
+ str = buffer_get_ssh_string(packet);
+ if (str == NULL) {
+- break;
++ goto error;
+ }
+
+ if (buffer_add_ssh_string(session->in_hashbuf, str) < 0) {
+@@ -350,6 +350,11 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){
+ error:
+ ssh_string_free(str);
+ for (i = 0; i < SSH_KEX_METHODS; i++) {
++ if (server_kex) {
++ session->next_crypto->client_kex.methods[i] = NULL;
++ } else { /* client */
++ session->next_crypto->server_kex.methods[i] = NULL;
++ }
+ SAFE_FREE(strings[i]);
+ }
+
diff -Nru libssh-0.6.3/debian/patches/series libssh-0.6.3/debian/patches/series
--- libssh-0.6.3/debian/patches/series 2014-08-30 17:31:23.000000000 +0200
+++ libssh-0.6.3/debian/patches/series 2015-01-27 00:28:06.000000000 +0100
@@ -1,3 +1,4 @@
+0001_CVE-2014-8132.patch
1001_error-msg-typo-fix.patch
1003-custom-lib-names.patch
2002-fix-html-doc-generation.patch
--- End Message ---
--- Begin Message ---
On 2015-01-30 01:09, Laurent Bigonville wrote:
> Package: release.debian.org
> Severity: normal
> User: [email protected]
> Usertags: unblock
>
> Hello,
>
> I've uploaded libssh 0.6.3-4 that contains a security fix for #773577
> (CVE-2014-8132).
>
> Please unblock package libssh
>
> unblock libssh/0.6.3-4
>
> [...]
Unblocked, thanks.
~Niels
--- End Message ---
