CVE-2020-16135: libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. Patches are at URL. Looks like it wasn't merged from the merge request but just a series of commits: https://gitlab.com/libssh/libssh-mirror/-/commit/533d881b0f4b24c72b35ecc97fa35d295d063e53 https://gitlab.com/libssh/libssh-mirror/-/commit/2782cb0495b7450bd8fe43ce4af886b66fea6c40 https://gitlab.com/libssh/libssh-mirror/-/commit/10b3ebbe61a7031a3dae97f05834442220447181 https://gitlab.com/libssh/libssh-mirror/-/commit/245ad744b5ab0582fef7cf3905a717b791d7e08b
Upstream told me that it's safe to wait for the upcoming release (which they planned to release in about a month).
(In reply to Lars Wendler (Polynomial-C) from comment #1) > Upstream told me that it's safe to wait for the upcoming release (which they > planned to release in about a month). Thanks!
Thanks. Tell us when it's ready to stable.
Ready?
ppc done
arm64 done
sparc stable
ppc64 stable
arm done
x86 done
amd64 done
hppa stable. Last arch, closing.
Sorry, not my day.
(In reply to Rolf Eike Beer from comment #13) > Sorry, not my day. No worries. :) Please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db2e4f147fa025f4a824b3c92125ca3d518a1038 commit db2e4f147fa025f4a824b3c92125ca3d518a1038 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2020-10-15 19:00:53 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2020-10-15 19:00:53 +0000 net-libs/libssh: Cleanup vulnerable 0.9.4 Bug: https://bugs.gentoo.org/734624 Package-Manager: Portage-3.0.8, Repoman-3.0.1 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> net-libs/libssh/Manifest | 1 - net-libs/libssh/libssh-0.9.4.ebuild | 119 ------------------------------------ 2 files changed, 120 deletions(-)
This issue was resolved and addressed in GLSA 202011-05 at https://security.gentoo.org/glsa/202011-05 by GLSA coordinator Sam James (sam_c).
