Path to this page:
Subject: CVS commit: [pkgsrc-2019Q4] pkgsrc/security/libssh
From: Benny Siegert
Date: 2020-01-07 20:26:28
Message id: 20200107192628.772E4FBF4@cvs.NetBSD.org
Log Message:
Pullup ticket #6107 - requested by is
security/libssh: security fix
Revisions pulled up:
- security/libssh/Makefile 1.34
- security/libssh/PLIST 1.15
- security/libssh/distinfo 1.20
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Dec 31 12:27:03 UTC 2019
Modified Files:
pkgsrc/security/libssh: Makefile PLIST distinfo
Log Message:
libssh: update to 0.93.
version 0.9.3 (released 2019-12-10)
* Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution
* SSH-01-003 Client: Missing NULL check leads to crash in erroneous state
* SSH-01-006 General: Various unchecked Null-derefs cause DOS
* SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys
* SSH-01-010 SSH: Deprecated hash function in fingerprinting
* SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS
* SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access
* SSH-01-001 State Machine: Initial machine states should be set explicitly
* SSH-01-002 Kex: Differently bound macros used to iterate same array
* SSH-01-005 Code-Quality: Integer sign confusion during assignments
* SSH-01-008 SCP: Protocol Injection via unescaped File Names
* SSH-01-009 SSH: Update documentation which RFCs are implemented
* SSH-01-012 PKI: Information leak via uninitialized stack buffer
Files: