[Git][security-tracker-team/security-tracker][master] Reference upstream commits for libssh issues

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
002b46eb by Salvatore Bonaccorso at 2025-06-24T22:57:25+02:00
Reference upstream commits for libssh issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -80,26 +80,38 @@ CVE-2025-6032 (A flaw was found in Podman. The podman machine init command fails
 CVE-2025-5987
 	- libssh <unfixed>
 	NOTE: https://www.libssh.org/security/advisories/CVE-2025-5987.txt
+	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=90b4845e0c98574bbf7bea9e97796695f064bf57 (libssh-0.11.2)
 CVE-2025-5449
 	- libssh <unfixed>
 	[bookworm] - libssh <not-affected> (Vulnerable code not present)
 	[bullseye] - libssh <not-affected> (Vulnerable code not present)
 	NOTE: https://www.libssh.org/security/advisories/CVE-2025-5449.txt
+	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=261612179f740bc62ba363d98b3bd5e5573a811f (libssh-0.11.2)
+	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=3443aec90188d6aab9282afc80a81df5ab72c4da (libssh-0.11.2)
+	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=78485f446af9b30e37eb8f177b81940710d54496 (libssh-0.11.2)
+	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb (libssh-0.11.2)
+	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=5504ff40515439a5fecbb17da7483000c4d12eb7 (libssh-0.11.2)
 CVE-2025-5372
 	- libssh <unfixed>
 	NOTE: https://www.libssh.org/security/advisories/CVE-2025-5372.txt
+	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=a9d8a3d44829cf9182b252bc951f35fb0d573972 (libssh-0.11.2)
 CVE-2025-5351
 	- libssh <unfixed>
 	NOTE: https://www.libssh.org/security/advisories/CVE-2025-5351.txt
+	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=6ddb730a27338983851248af59b128b995aad256 (libssh-0.11.2)
 CVE-2025-5318 (A flaw was found in the libssh library. An out-of-bounds read can be t ...)
 	- libssh <unfixed>
 	NOTE: https://www.libssh.org/security/advisories/CVE-2025-5318.txt
+	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=5f4ffda88770f95482fd0e66aa44106614dbf466 (libssh-0.11.2)
 CVE-2025-4878
 	- libssh <unfixed>
 	NOTE: https://www.libssh.org/security/advisories/CVE-2025-4878.txt
+	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 (libssh-0.11.2)
+	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb (libssh-0.11.2)
 CVE-2025-4877
 	- libssh <unfixed>
 	NOTE: https://www.libssh.org/security/advisories/CVE-2025-4877.txt
+	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d (libssh-0.11.2)
 CVE-2025-5087 (Kaleris NAVIS N4 ULC (Ultra Light Client) communicates insecurely usin ...)
 	TODO: check
 CVE-2025-53073 (In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/002b46eb64d7be1e5004316b75c1124bbc2f7457

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/002b46eb64d7be1e5004316b75c1124bbc2f7457
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250624/a47a6e1b/attachment.htm>