* [Buildroot] [PATCH 1/1] package/libssh: Security bump to 0.11.4
From: Mattias Walström @ 2026-02-28 9:03 UTC
To: buildroot; +Cc: Mattias Walström
CVE-2025-14821: libssh loads configuration files from the C:\etc directory
on Windows
CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request()
CVE-2026-0965: Possible Denial of Service when parsing unexpected
configuration files
CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input
CVE-2026-0967: Specially crafted patterns could cause DoS
CVE-2026-0968: OOB Read in sftp_parse_longname()
libssh-2026-sftp-extensions: Read buffer overrun when handling SFTP
extensions
Signed-off-by: Mattias Walström <lazzer@gmail.com>
---
package/libssh/libssh.hash | 2 +-
package/libssh/libssh.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/libssh/libssh.hash b/package/libssh/libssh.hash
index 1c15d77a45..f259261444 100644
--- a/package/libssh/libssh.hash
+++ b/package/libssh/libssh.hash
@@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
# https://www.libssh.org/files/0.11/libssh-0.11.3.tar.xz.asc
# with key 88A228D89B07C2C77D0C780903D5DF8CFDD3E8E7
-sha256 7d8a1361bb094ec3f511964e78a5a4dba689b5986e112afabe4f4d0d6c6125c3 libssh-0.11.3.tar.xz
+sha256 002ac320e3d66c9e100ec6576e3e84aa0c48949efde3bf5b40a2802992297701 libssh-0.11.4.tar.xz
sha256 1656186e951db1c010a8485481fa94587f7e53a26d24976bef97945ad0c4df5a COPYING
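Review bot: the signature URL in the comment at the top of this hunk still points at libssh-0.11.3.tar.xz.asc, while the sha256 line below it now covers libssh-0.11.4.tar.xz. The comment states that the hash was calculated after checking the PGP signature, so it should name the signature file that was actually checked; update the URL to the 0.11.4 .asc in the same change so a later reader can repeat the verification against the right file.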
diff --git a/package/libssh/libssh.mk b/package/libssh/libssh.mk
index 3c7e77a206..56de66d6ea 100644
--- a/package/libssh/libssh.mk
+++ b/package/libssh/libssh.mk
@@ -5,7 +5,7 @@
################################################################################
LIBSSH_VERSION_MAJOR = 0.11
-LIBSSH_VERSION = $(LIBSSH_VERSION_MAJOR).3
+LIBSSH_VERSION = $(LIBSSH_VERSION_MAJOR).4
LIBSSH_SOURCE = libssh-$(LIBSSH_VERSION).tar.xz
LIBSSH_SITE = https://www.libssh.org/files/$(LIBSSH_VERSION_MAJOR)
LIBSSH_LICENSE = LGPL-2.1
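Review bot: the commit message behind the LIBSSH_VERSION bump lists six CVE ids and the libssh-2026-sftp-extensions advisory but gives no link to the upstream release notes or advisories; adding one would let reviewers and stable-branch maintainers check the list against upstream. The hunk itself only changes the patch-level suffix from .3 to .4, so LIBSSH_SOURCE and LIBSSH_SITE follow without further edits.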
--
2.43.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
* Re: [Buildroot] [PATCH 1/1] package/libssh: Security bump to 0.11.4
From: Julien Olivain via buildroot @ 2026-02-28 10:10 UTC
To: Mattias Walström; +Cc: buildroot
On 28/02/2026 10:03, Mattias Walström wrote:
> CVE-2025-14821: libssh loads configuration files from the C:\etc
> directory
> on Windows
> CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request()
> CVE-2026-0965: Possible Denial of Service when parsing unexpected
> configuration files
> CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input
> CVE-2026-0967: Specially crafted patterns could cause DoS
> CVE-2026-0968: OOB Read in sftp_parse_longname()
> libssh-2026-sftp-extensions: Read buffer overrun when handling SFTP
> extensions
>
> Signed-off-by: Mattias Walström <lazzer@gmail.com>
Applied to master, thanks. For info, I fixed the signature link
in the hash file. See:
https://gitlab.com/buildroot.org/buildroot/-/commit/f54e7d710c6dd7d46702304ec8d7ea9e7a8252ec
Best regards,
Julien.
* Re: [Buildroot] [PATCH 1/1] package/libssh: Security bump to 0.11.4
From: Thomas Perale via buildroot @ 2026-03-06 19:53 UTC
To: Mattias Walström; +Cc: Thomas Perale, buildroot
In reply to:
> CVE-2025-14821: libssh loads configuration files from the C:\etc directory
> on Windows
> CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request()
> CVE-2026-0965: Possible Denial of Service when parsing unexpected
> configuration files
> CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input
> CVE-2026-0967: Specially crafted patterns could cause DoS
> CVE-2026-0968: OOB Read in sftp_parse_longname()
> libssh-2026-sftp-extensions: Read buffer overrun when handling SFTP
> extensions
>
> Signed-off-by: Mattias Walström <lazzer@gmail.com>
Applied to 2025.02.x & 2025.11.x. Thanks
> ---
> package/libssh/libssh.hash | 2 +-
> package/libssh/libssh.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/libssh/libssh.hash b/package/libssh/libssh.hash
> index 1c15d77a45..f259261444 100644
> --- a/package/libssh/libssh.hash
> +++ b/package/libssh/libssh.hash
> @@ -1,5 +1,5 @@
> # Locally calculated after checking pgp signature
> # https://www.libssh.org/files/0.11/libssh-0.11.3.tar.xz.asc
> # with key 88A228D89B07C2C77D0C780903D5DF8CFDD3E8E7
> -sha256 7d8a1361bb094ec3f511964e78a5a4dba689b5986e112afabe4f4d0d6c6125c3 libssh-0.11.3.tar.xz
> +sha256 002ac320e3d66c9e100ec6576e3e84aa0c48949efde3bf5b40a2802992297701 libssh-0.11.4.tar.xz
> sha256 1656186e951db1c010a8485481fa94587f7e53a26d24976bef97945ad0c4df5a COPYING
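Review bot: this quoted hunk still carries the libssh-0.11.3.tar.xz.asc URL in the comment above the new 0.11.4 hash. Julien Olivain's reply says the signature link was fixed when the patch was applied to master, so the 2025.02.x and 2025.11.x backports should be taken from that master commit rather than from the patch as posted, so that the stable branches get the corrected comment too.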
> diff --git a/package/libssh/libssh.mk b/package/libssh/libssh.mk
> index 3c7e77a206..56de66d6ea 100644
> --- a/package/libssh/libssh.mk
> +++ b/package/libssh/libssh.mk
> @@ -5,7 +5,7 @@
> ################################################################################
>
> LIBSSH_VERSION_MAJOR = 0.11
> -LIBSSH_VERSION = $(LIBSSH_VERSION_MAJOR).3
> +LIBSSH_VERSION = $(LIBSSH_VERSION_MAJOR).4
> LIBSSH_SOURCE = libssh-$(LIBSSH_VERSION).tar.xz
> LIBSSH_SITE = https://www.libssh.org/files/$(LIBSSH_VERSION_MAJOR)
> LIBSSH_LICENSE = LGPL-2.1
> --
> 2.43.0
>