Nine security vulns fixed in 1.8.1: https://www.openwall.com/lists/oss-security/2019/03/18/3
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b63b26650737258c12032376fe9c80beb97b07be
commit b63b26650737258c12032376fe9c80beb97b07be
Author:     Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2019-03-18 22:07:02 +0000
Commit:     Jeroen Roovers <jer@gentoo.org>
CommitDate: 2019-03-18 22:07:45 +0000
    net-libs/libssh2: Version 1.8.1
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Bug: https://bugs.gentoo.org/680904
    Signed-off-by: Jeroen Roovers <jer@gentoo.org>
 net-libs/libssh2/Manifest | 1 +
 net-libs/libssh2/libssh2-1.8.1.ebuild | 59 +++++++++++++++++++++++++++++++++++
 2 files changed, 60 insertions(+)
net-libs/libssh2-1.8.2 was released on 2019-03-25 and fixes a regression:
https://github.com/libssh2/libssh2/blob/libssh2-1.8.2/RELEASE-NOTES
"""
 o Fixed the misapplied userauth patch that broke 1.8.1
 o moved the MAX size declarations from the public header
"""
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e3b13af1d3fa9c55111734ea47afeb6d1ac7bf3
commit 5e3b13af1d3fa9c55111734ea47afeb6d1ac7bf3
Author:     Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2019-03-26 07:38:28 +0000
Commit:     Jeroen Roovers <jer@gentoo.org>
CommitDate: 2019-03-26 07:39:16 +0000
    net-libs/libssh2: Version 1.8.2
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Bug: https://bugs.gentoo.org/show_bug.cgi?id=680904
    Signed-off-by: Jeroen Roovers <jer@gentoo.org>
 net-libs/libssh2/Manifest | 2 +-
 net-libs/libssh2/{libssh2-1.8.1.ebuild => libssh2-1.8.2.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
CVE-2019-3855 Possible integer overflow in transport read allows out-of-bounds write
  URL: https://www.libssh2.org/CVE-2019-3855.html
  Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch
CVE-2019-3856 Possible integer overflow in keyboard interactive handling allows out-of-bounds write
  URL: https://www.libssh2.org/CVE-2019-3856.html
  Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch
CVE-2019-3857 Possible integer overflow leading to zero-byte allocation and out-of-bounds write
  URL: https://www.libssh2.org/CVE-2019-3857.html
  Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch
CVE-2019-3858 Possible zero-byte allocation leading to an out-of-bounds read
  URL: https://www.libssh2.org/CVE-2019-3858.html
  Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
CVE-2019-3859 Out-of-bounds reads with specially crafted payloads due to unchecked use of `_libssh2_packet_require` and `_libssh2_packet_requirev`
  URL: https://www.libssh2.org/CVE-2019-3859.html
  Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3859.patch
CVE-2019-3860 Out-of-bounds reads with specially crafted SFTP packets
  URL: https://www.libssh2.org/CVE-2019-3860.html
  Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
CVE-2019-3861 Out-of-bounds reads with specially crafted SSH packets
  URL: https://www.libssh2.org/CVE-2019-3861.html
  Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
CVE-2019-3862 Out-of-bounds memory comparison
  URL: https://www.libssh2.org/CVE-2019-3862.html
  Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch
CVE-2019-3863 Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes
  URL: https://www.libssh2.org/CVE-2019-3863.html
  Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3863.txt
@ maintainer(s): Please clean up and drop <net-libs/libssh2-1.9.0!
Repository is clean, all done!