Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/libssh: Security bump to 0.11.4
@ 2026-02-28  9:03 Mattias Walström
  2026-02-28 10:10 ` Julien Olivain via buildroot
  2026-03-06 19:53 ` Thomas Perale via buildroot
  0 siblings, 2 replies; 3+ messages in thread
From: Mattias Walström @ 2026-02-28  9:03 UTC (permalink / raw)
  To: buildroot; +Cc: Mattias Walström

CVE-2025-14821: libssh loads configuration files from the C:\etc directory
on Windows
CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request()
CVE-2026-0965: Possible Denial of Service when parsing unexpected
configuration files
CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input
CVE-2026-0967: Specially crafted patterns could cause DoS
CVE-2026-0968: OOB Read in sftp_parse_longname()
libssh-2026-sftp-extensions: Read buffer overrun when handling SFTP
extensions

Signed-off-by: Mattias Walström <lazzer@gmail.com>
---
 package/libssh/libssh.hash | 2 +-
 package/libssh/libssh.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/libssh/libssh.hash b/package/libssh/libssh.hash
index 1c15d77a45..f259261444 100644
--- a/package/libssh/libssh.hash
+++ b/package/libssh/libssh.hash
@@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
 # https://www.libssh.org/files/0.11/libssh-0.11.3.tar.xz.asc
 # with key 88A228D89B07C2C77D0C780903D5DF8CFDD3E8E7
-sha256  7d8a1361bb094ec3f511964e78a5a4dba689b5986e112afabe4f4d0d6c6125c3  libssh-0.11.3.tar.xz
+sha256  002ac320e3d66c9e100ec6576e3e84aa0c48949efde3bf5b40a2802992297701  libssh-0.11.4.tar.xz
 sha256  1656186e951db1c010a8485481fa94587f7e53a26d24976bef97945ad0c4df5a  COPYING
diff --git a/package/libssh/libssh.mk b/package/libssh/libssh.mk
index 3c7e77a206..56de66d6ea 100644
--- a/package/libssh/libssh.mk
+++ b/package/libssh/libssh.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 LIBSSH_VERSION_MAJOR = 0.11
-LIBSSH_VERSION = $(LIBSSH_VERSION_MAJOR).3
+LIBSSH_VERSION = $(LIBSSH_VERSION_MAJOR).4
 LIBSSH_SOURCE = libssh-$(LIBSSH_VERSION).tar.xz
 LIBSSH_SITE = https://www.libssh.org/files/$(LIBSSH_VERSION_MAJOR)
 LIBSSH_LICENSE = LGPL-2.1
-- 
2.43.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libssh: Security bump to 0.11.4
  2026-02-28  9:03 [Buildroot] [PATCH 1/1] package/libssh: Security bump to 0.11.4 Mattias Walström
@ 2026-02-28 10:10 ` Julien Olivain via buildroot
  2026-03-06 19:53 ` Thomas Perale via buildroot
  1 sibling, 0 replies; 3+ messages in thread
From: Julien Olivain via buildroot @ 2026-02-28 10:10 UTC (permalink / raw)
  To: Mattias Walström; +Cc: buildroot

On 28/02/2026 10:03, Mattias Walström wrote:
> CVE-2025-14821: libssh loads configuration files from the C:\etc 
> directory
> on Windows
> CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request()
> CVE-2026-0965: Possible Denial of Service when parsing unexpected
> configuration files
> CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input
> CVE-2026-0967: Specially crafted patterns could cause DoS
> CVE-2026-0968: OOB Read in sftp_parse_longname()
> libssh-2026-sftp-extensions: Read buffer overrun when handling SFTP
> extensions
> 
> Signed-off-by: Mattias Walström <lazzer@gmail.com>

Applied to master, thanks. For info, I fixed the signature link
in the hash file. See:
https://gitlab.com/buildroot.org/buildroot/-/commit/f54e7d710c6dd7d46702304ec8d7ea9e7a8252ec

Best regards,

Julien.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libssh: Security bump to 0.11.4
  2026-02-28  9:03 [Buildroot] [PATCH 1/1] package/libssh: Security bump to 0.11.4 Mattias Walström
  2026-02-28 10:10 ` Julien Olivain via buildroot
@ 2026-03-06 19:53 ` Thomas Perale via buildroot
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Perale via buildroot @ 2026-03-06 19:53 UTC (permalink / raw)
  To: Mattias Walström; +Cc: Thomas Perale, buildroot

In reply of:
> CVE-2025-14821: libssh loads configuration files from the C:\etc directory
> on Windows
> CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request()
> CVE-2026-0965: Possible Denial of Service when parsing unexpected
> configuration files
> CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input
> CVE-2026-0967: Specially crafted patterns could cause DoS
> CVE-2026-0968: OOB Read in sftp_parse_longname()
> libssh-2026-sftp-extensions: Read buffer overrun when handling SFTP
> extensions
> 
> Signed-off-by: Mattias Walström <lazzer@gmail.com>

Applied to 2025.02.x & 2025.11.x. Thanks

> ---
>  package/libssh/libssh.hash | 2 +-
>  package/libssh/libssh.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/package/libssh/libssh.hash b/package/libssh/libssh.hash
> index 1c15d77a45..f259261444 100644
> --- a/package/libssh/libssh.hash
> +++ b/package/libssh/libssh.hash
> @@ -1,5 +1,5 @@
>  # Locally calculated after checking pgp signature
>  # https://www.libssh.org/files/0.11/libssh-0.11.3.tar.xz.asc
>  # with key 88A228D89B07C2C77D0C780903D5DF8CFDD3E8E7
> -sha256  7d8a1361bb094ec3f511964e78a5a4dba689b5986e112afabe4f4d0d6c6125c3  libssh-0.11.3.tar.xz
> +sha256  002ac320e3d66c9e100ec6576e3e84aa0c48949efde3bf5b40a2802992297701  libssh-0.11.4.tar.xz
>  sha256  1656186e951db1c010a8485481fa94587f7e53a26d24976bef97945ad0c4df5a  COPYING
> diff --git a/package/libssh/libssh.mk b/package/libssh/libssh.mk
> index 3c7e77a206..56de66d6ea 100644
> --- a/package/libssh/libssh.mk
> +++ b/package/libssh/libssh.mk
> @@ -5,7 +5,7 @@
>  ################################################################################
>  
>  LIBSSH_VERSION_MAJOR = 0.11
> -LIBSSH_VERSION = $(LIBSSH_VERSION_MAJOR).3
> +LIBSSH_VERSION = $(LIBSSH_VERSION_MAJOR).4
>  LIBSSH_SOURCE = libssh-$(LIBSSH_VERSION).tar.xz
>  LIBSSH_SITE = https://www.libssh.org/files/$(LIBSSH_VERSION_MAJOR)
>  LIBSSH_LICENSE = LGPL-2.1
> -- 
> 2.43.0
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-03-06 19:53 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-28  9:03 [Buildroot] [PATCH 1/1] package/libssh: Security bump to 0.11.4 Mattias Walström
2026-02-28 10:10 ` Julien Olivain via buildroot
2026-03-06 19:53 ` Thomas Perale via buildroot

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox