[Secure-testing-team] Bug#784404: libssh: CVE-2015-3146: null pointer dereference due to a logical error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets

Debian BTS debbugs at buxtehude.debian.org
Wed May 6 04:57:06 UTC 2015


Hi,
From: Salvatore Bonaccorso <carnil at debian.org>
Date: Wed, 06 May 2015 06:54:58 +0200

Source: libssh
Version: 0.5.4-1
Severity: important
Tags: security upstream fixed-upstream

the following vulnerability was published for libssh.

CVE-2015-3146[0]:
| null pointer dereference due to a logical error in the handling of a
| SSH_MSG_NEWKEYS and KEXDH_REPLY packets

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3146
[1] https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/

Regards,
Salvatore


