Utkarsh Gupta pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d826da17 by Utkarsh Gupta at 2026-02-14T03:15:08+05:30
Mark CVE-2026-096{4-8}/libssh as postponed for bullseye
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1198,6 +1198,7 @@ CVE-2026-0968 [Denial of Service due to malformed SFTP
message]
- libssh <unfixed> (bug #1127693)
[trixie] - libssh <no-dsa> (Minor issue)
[bookworm] - libssh <no-dsa> (Minor issue)
+ [bullseye] - libssh <postponed> (Minor issue)
NOTE: https://www.libssh.org/security/advisories/CVE-2026-0968.txt
NOTE: Tests:
https://git.libssh.org/projects/libssh.git/commit/?id=212121971fb26e1e00b72bd5402c0454a4d84c03
(libssh-0.11.4)
NOTE: Fixed by:
https://git.libssh.org/projects/libssh.git/commit/?id=796d85f786dff62bd4bcc4408d9b7bbc855841e9
(libssh-0.11.4)
@@ -1205,12 +1206,14 @@ CVE-2026-0967 [Denial of Service via inefficient
regular expression processing]
- libssh <unfixed> (bug #1127693)
[trixie] - libssh <no-dsa> (Minor issue)
[bookworm] - libssh <no-dsa> (Minor issue)
+ [bullseye] - libssh <postponed> (Minor issue)
NOTE: https://www.libssh.org/security/advisories/CVE-2026-0967.txt
NOTE: Fixed by:
https://git.libssh.org/projects/libssh.git/commit/?id=6d74aa6138895b3662bade9bd578338b0c4f8a15
(libssh-0.11.4)
CVE-2026-0966 [Buffer underflow in ssh_get_hexa() on invalid input]
- libssh <unfixed> (bug #1127693)
[trixie] - libssh <no-dsa> (Minor issue)
[bookworm] - libssh <no-dsa> (Minor issue)
+ [bullseye] - libssh <postponed> (Minor issue)
NOTE: https://www.libssh.org/security/advisories/CVE-2026-0966.txt
NOTE: Documentation:
https://git.libssh.org/projects/libssh.git/commit/?id=3e1d276a5a030938a8f144f46ff4f2a2efe31ced
(libssh-0.11.4)
NOTE: Tests:
https://git.libssh.org/projects/libssh.git/commit/?id=b156391833c66322436cf177d57e10b0325fbcc8
(libssh-0.11.4)
@@ -1219,12 +1222,14 @@ CVE-2026-0965 [Denial of Service via improper
configuration file handling]
- libssh <unfixed> (bug #1127693)
[trixie] - libssh <no-dsa> (Minor issue)
[bookworm] - libssh <no-dsa> (Minor issue)
+ [bullseye] - libssh <postponed> (Minor issue)
NOTE: https://www.libssh.org/security/advisories/CVE-2026-0965.txt
NOTE: Fixed by:
https://git.libssh.org/projects/libssh.git/commit/?id=bf390a042623e02abc8f421c4c5fadc0429a8a76
(libssh-0.11.4)
CVE-2026-0964 [Improper sanitation of paths received from SCP servers]
- libssh <unfixed> (bug #1127693)
[trixie] - libssh <no-dsa> (Minor issue)
[bookworm] - libssh <no-dsa> (Minor issue)
+ [bullseye] - libssh <postponed> (Minor issue)
NOTE: https://www.libssh.org/security/advisories/CVE-2026-0964.txt
NOTE: Fixed by:
https://git.libssh.org/projects/libssh.git/commit/?id=a5e4b12090b0c939d85af4f29280e40c5b6600aa
(libssh-0.11.4)
CVE-2025-14821 [Insecure default configuration leads to local
man-in-the-middle attacks on Windows]
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d826da17e09ca40df391211e2bbde2cd360a0934
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d826da17e09ca40df391211e2bbde2cd360a0934
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
