CVSROOT: /cvs
Module name: ports
Changes by: st...@cvs.openbsd.org 2025/09/12 04:07:57
Modified files:
security/libssh: Makefile distinfo
Removed files:
security/libssh/patches: patch-tests_torture_c
patch-tests_unittests_torture_config_c
patch-tests_unittests_torture_misc_c
Log message:
update to libssh-0.11.3
* Security:
* CVE-2025-8114: Fix NULL pointer dereference after allocation failure
* CVE-2025-8277: Fix memory leak of ephemeral key pair during repeated wrong KEX
* Potential UAF when send() fails during key exchange
* Fix possible timeout during KEX if client sends authentication too early
(#311)
* Cleanup OpenSSL PKCS#11 provider when loaded
* Zeroize buffers containing private key blobs during export
