[Git][security-tracker-team/security-tracker][master] Add details on libssh issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 11 17:13:03 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a00c57fe by Salvatore Bonaccorso at 2026-02-11T18:12:37+01:00
Add details on libssh issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,22 +1,21 @@
 CVE-2026-0968 [Denial of Service due to malformed SFTP message]
-	- libssh <undetermined>
-	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2436982
+	- libssh <unfixed>
+	NOTE: https://www.libssh.org/security/advisories/CVE-2026-0968.txt
 CVE-2026-0967 [Denial of Service via inefficient regular expression processing]
-	- libssh <undetermined>
-	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2436981
+	- libssh <unfixed>
+	NOTE: https://www.libssh.org/security/advisories/CVE-2026-0967.txt
 CVE-2026-0966 [Buffer underflow in ssh_get_hexa() on invalid input]
-	- libssh <undetermined>
-	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2433121
+	- libssh <unfixed>
+	NOTE: https://www.libssh.org/security/advisories/CVE-2026-0966.txt
 CVE-2026-0965 [Denial of Service via improper configuration file handling]
-	- libssh <undetermined>
-	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2436980
+	- libssh <unfixed>
+	NOTE: https://www.libssh.org/security/advisories/CVE-2026-0965.txt
 CVE-2026-0964 [Improper sanitation of paths received from SCP servers]
-	- libssh <undetermined>
-	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2436979
+	- libssh <unfixed>
+	NOTE: https://www.libssh.org/security/advisories/CVE-2026-0964.txt
 CVE-2025-14821 [Insecure default configuration leads to local man-in-the-middle attacks on Windows]
-	- libssh <undetermined>
-	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2423148
-	TODO: appears to be only relevant on Windows systems
+	- libssh <not-affected> (Only affects libssh on Windows)
+	NOTE: https://www.libssh.org/security/advisories/CVE-2025-14821.txt
 CVE-2026-26044
 	REJECTED
 CVE-2026-26043



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a00c57fe1ae55bc993f605c063c943ce8d1473bc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a00c57fe1ae55bc993f605c063c943ce8d1473bc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260211/00e5277d/attachment.htm>

More information about the debian-security-tracker-commits mailing list