Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0c7492e2 by Emilio Pozuelo Monfort at 2025-11-27T10:36:13+01:00
Reserve DLA-4385-1 for libssh

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -27150,7 +27150,6 @@ CVE-2025-8277 (A flaw was found in libssh's handling of 
key exchange (KEX) proce
        - libssh 0.11.3-1 (bug #1114859)
        [trixie] - libssh 0.11.2-1+deb13u1
        [bookworm] - libssh <no-dsa> (Minor issue)
-       [bullseye] - libssh <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2383888
        NOTE: https://www.libssh.org/security/advisories/CVE-2025-8277.txt
        NOTE: 
https://git.libssh.org/projects/libssh.git/commit/?id=ffed80f8c078122990a4eba2b275facd56dd43e0
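
Review bot: the `[bullseye] - libssh <no-dsa> (Minor issue)` line removed under CVE-2025-8277 gets no replacement `[bullseye]` line, so after this change data/CVE/list no longer records bullseye's state for this CVE. That state now depends entirely on CVE-2025-8277 being listed in the DLA-4385-1 entry in data/DLA/list. Worth confirming that the tracker resolves bullseye to the DLA's fixed version for this id once the data is regenerated. The same applies to the five `<postponed>` removals in the hunks that follow.
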
@@ -41540,7 +41539,6 @@ CVE-2025-8114 (A flaw was found in libssh, a library 
that implements the SSH pro
        - libssh 0.11.3-1 (bug #1109860)
        [trixie] - libssh 0.11.2-1+deb13u1
        [bookworm] - libssh <no-dsa> (Minor issue)
-       [bullseye] - libssh <postponed> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2383220
        NOTE: https://gitlab.com/libssh/libssh-mirror/-/issues/317
        NOTE: https://www.libssh.org/security/advisories/CVE-2025-8114.txt
@@ -50610,7 +50608,6 @@ CVE-2025-5449 (A flaw was found in the SFTP server 
message decoding logic of lib
 CVE-2025-5372 (A flaw was found in libssh versions built with OpenSSL versions 
older  ...)
        - libssh 0.11.2-1 (bug #1108407)
        [bookworm] - libssh <no-dsa> (Minor issue)
-       [bullseye] - libssh <postponed> (Minor issue)
        NOTE: https://www.libssh.org/security/advisories/CVE-2025-5372.txt
        NOTE: Fixed by: 
https://git.libssh.org/projects/libssh.git/commit/?id=a9d8a3d44829cf9182b252bc951f35fb0d573972
 (libssh-0.11.2)
 CVE-2025-5351 (A flaw was found in the key export functionality of libssh. The 
issue  ...)
@@ -50622,20 +50619,17 @@ CVE-2025-5351 (A flaw was found in the key export 
functionality of libssh. The i
 CVE-2025-5318 (A flaw was found in the libssh library in versions less than 
0.11.2. A ...)
        - libssh 0.11.2-1 (bug #1108407)
        [bookworm] - libssh <no-dsa> (Minor issue)
-       [bullseye] - libssh <postponed> (Minor issue)
        NOTE: https://www.libssh.org/security/advisories/CVE-2025-5318.txt
        NOTE: Fixed by: 
https://git.libssh.org/projects/libssh.git/commit/?id=5f4ffda88770f95482fd0e66aa44106614dbf466
 (libssh-0.11.2)
 CVE-2025-4878 (A vulnerability was found in libssh, where an uninitialized 
variable e ...)
        - libssh 0.11.2-1 (bug #1108407)
        [bookworm] - libssh <no-dsa> (Minor issue)
-       [bullseye] - libssh <postponed> (Minor issue)
        NOTE: https://www.libssh.org/security/advisories/CVE-2025-4878.txt
        NOTE: Fixed by: 
https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1
 (libssh-0.11.2)
        NOTE: Fixed by: 
https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb
 (libssh-0.11.2)
 CVE-2025-4877 (There's a vulnerability in the libssh package where when a 
libssh cons ...)
        - libssh 0.11.2-1 (bug #1108407)
        [bookworm] - libssh <no-dsa> (Minor issue)
-       [bullseye] - libssh <postponed> (Minor issue)
        NOTE: https://www.libssh.org/security/advisories/CVE-2025-4877.txt
        NOTE: Fixed by: 
https://git.libssh.org/projects/libssh.git/commit/?id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d
 (libssh-0.11.2)
 CVE-2025-5087 (Kaleris NAVIS N4 ULC (Ultra Light Client) communicates 
insecurely usin ...)
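
Review bot: CVE-2025-5351 (header and context of this hunk) is a libssh entry sitting between the edited ones, and CVE-2025-5449 (header of the previous hunk) has a truncated description that points at the same library, yet neither is in the DLA-4385-1 CVE set and their `[bullseye]` lines are not visible in this diff. Please confirm that bullseye already carries an explicit status for both, so that removing libssh from data/dla-needed.txt does not leave an open issue untracked.
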


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Nov 2025] DLA-4385-1 libssh - security update
+       {CVE-2025-4877 CVE-2025-4878 CVE-2025-5318 CVE-2025-5372 CVE-2025-8114 
CVE-2025-8277}
+       [bullseye] - libssh 0.9.8-0+deb11u2
 [26 Nov 2025] DLA-4384-1 samba - security update
        {CVE-2025-9640}
        [bullseye] - samba 2:4.13.13+dfsg-1~deb11u7
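
Review bot: the `[bullseye] - libssh 0.9.8-0+deb11u2` line in the new entry pins the fixed version while the subject only says "Reserve". Check that string against the changelog version of the actual upload, since it is what the tracker will report as the fixed version for every id in the set. The `{...}` set itself lists six ids, which matches the six `[bullseye]` lines removed from data/CVE/list.
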


=====================================
data/dla-needed.txt
=====================================
@@ -193,10 +193,6 @@ libsoup2.4
   NOTE: 20250520: than me with getting the backported tests to run.  
(spwhitton)
   NOTE: 20250630: spwhitton contributor status: inactive
 --
-libssh (Emilio)
-  NOTE: 20251118: Added by pochu
-  NOTE: 20251118: several no-dsa issues, backport fixes (pochu)
---
 libxmltok
   NOTE: 20250421: Added by Front-Desk (ta)
   NOTE: 20250421: Also review all other expat CVEs. (bunk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c7492e2b88fe5519519cd138fd2aaab26516aea
