[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2025-5351/libssh n/a on bullseye

Emilio Pozuelo Monfort (@pochu) pochu at debian.org
Wed Nov 26 11:39:08 GMT 2025 


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03d737ab by Emilio Pozuelo Monfort at 2025-11-26T12:19:45+01:00
CVE-2025-5351/libssh n/a on bullseye

- - - - -
07628dc3 by Emilio Pozuelo Monfort at 2025-11-26T12:25:02+01:00
CVE-2025-5987/libssh n/a on bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -50351,7 +50351,7 @@ CVE-2025-6032 (A flaw was found in Podman. The podman machine init command fails
 CVE-2025-5987 (A flaw was found in libssh when using the ChaCha20 cipher with the Ope ...)
 	- libssh 0.11.2-1 (bug #1108407)
 	[bookworm] - libssh <no-dsa> (Minor issue)
-	[bullseye] - libssh <postponed> (Minor issue)
+	[bullseye] - libssh <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.libssh.org/security/advisories/CVE-2025-5987.txt
 	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=90b4845e0c98574bbf7bea9e97796695f064bf57 (libssh-0.11.2)
 CVE-2025-5449 (A flaw was found in the SFTP server message decoding logic of libssh.  ...)
@@ -50373,7 +50373,7 @@ CVE-2025-5372 (A flaw was found in libssh versions built with OpenSSL versions o
 CVE-2025-5351 (A flaw was found in the key export functionality of libssh. The issue  ...)
 	- libssh 0.11.2-1 (bug #1108407)
 	[bookworm] - libssh <no-dsa> (Minor issue)
-	[bullseye] - libssh <postponed> (Minor issue)
+	[bullseye] - libssh <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.libssh.org/security/advisories/CVE-2025-5351.txt
 	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=6ddb730a27338983851248af59b128b995aad256 (libssh-0.11.2)
 CVE-2025-5318 (A flaw was found in the libssh library in versions less than 0.11.2. A ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/19ce91ee0ac7e6b48ba2ecabae59b54b1d3aff26...07628dc3c7652301acc094f85232c37fd83bd93e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/19ce91ee0ac7e6b48ba2ecabae59b54b1d3aff26...07628dc3c7652301acc094f85232c37fd83bd93e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251126/1d413afc/attachment.htm>

More information about the debian-security-tracker-commits mailing list