Null pointer doesn't checked in channel.c this may prevent to a null reference deallocation: https://bugzilla.redhat.com/show_bug.cgi?id=982685#c0 Fixed in: http://git.libssh.org/projects/libssh.git/commit/?id=11e54e82216e1a07d90f7e4db9572ea96d036350
Created attachment 353144 [details, diff] Check-for-NULL-pointers-in-channel.c.patch Patch from upstream git
Please CC all package maintainers. I will action this shortly.
Added 0.5.5 in CVS which contains the fix.
(In reply to Michael Palimaka (kensington) from comment #3) > Added 0.5.5 in CVS which contains the fix. Good. Is it ready for stabilization? If yes, please CC arches and begin to stabilize it.
Arch teams, please test and stabilise net-libs/libssh-0.5.5. Target KEYWORDS="amd64 ppc ppc64 x86".
ppc stable
amd64 stable
x86 stable
ppc64 stable
Thanks for your work. GLSA vote: no
Thanks all. Removing maintainer, nothing to do anymore. + + 18 Sep 2013; Johannes Huber <johu@gentoo.org> -libssh-0.5.4.ebuild: + Remove vulnerable version wrt bug #476622. +
GLSA vote: no. Closing noglsa.