[Git][security-tracker-team/security-tracker][master] Track fixed version for some libssh issues

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca91c0af by Salvatore Bonaccorso at 2026-03-15T14:43:09+01:00
Track fixed version for some libssh issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3138,7 +3138,7 @@ CVE-2026-3733 (A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This
 CVE-2026-3732 (A security vulnerability has been detected in Tenda F453 1.0.0.3. This ...)
 	NOT-FOR-US: Tenda
 CVE-2026-3731 (A weakness has been identified in libssh up to 0.11.3. The impacted el ...)
-	- libssh <unfixed> (bug #1127693)
+	- libssh 0.12.0-1 (bug #1127693)
 	[trixie] - libssh <no-dsa> (Minor issue)
 	[bookworm] - libssh <no-dsa> (Minor issue)
 	NOTE: https://www.libssh.org/security/advisories/libssh-2026-sftp-extensions.txt
@@ -13973,7 +13973,7 @@ CVE-2019-25306 (BlackMoon FTP Server 3.1.2.1731 contains an unquoted service pat
 CVE-2018-25157 (Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability  ...)
 	NOT-FOR-US: Phraseanet
 CVE-2026-0968 [Denial of Service due to malformed SFTP message]
-	- libssh <unfixed> (bug #1127693)
+	- libssh 0.12.0-1 (bug #1127693)
 	[trixie] - libssh <no-dsa> (Minor issue)
 	[bookworm] - libssh <no-dsa> (Minor issue)
 	[bullseye] - libssh <postponed> (Minor issue)
@@ -13981,14 +13981,14 @@ CVE-2026-0968 [Denial of Service due to malformed SFTP message]
 	NOTE: Tests: https://git.libssh.org/projects/libssh.git/commit/?id=212121971fb26e1e00b72bd5402c0454a4d84c03 (libssh-0.11.4)
 	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=796d85f786dff62bd4bcc4408d9b7bbc855841e9 (libssh-0.11.4)
 CVE-2026-0967 [Denial of Service via inefficient regular expression processing]
-	- libssh <unfixed> (bug #1127693)
+	- libssh 0.12.0-1 (bug #1127693)
 	[trixie] - libssh <no-dsa> (Minor issue)
 	[bookworm] - libssh <no-dsa> (Minor issue)
 	[bullseye] - libssh <postponed> (Minor issue)
 	NOTE: https://www.libssh.org/security/advisories/CVE-2026-0967.txt
 	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=6d74aa6138895b3662bade9bd578338b0c4f8a15 (libssh-0.11.4)
 CVE-2026-0966 [Buffer underflow in ssh_get_hexa() on invalid input]
-	- libssh <unfixed> (bug #1127693)
+	- libssh 0.12.0-1 (bug #1127693)
 	[trixie] - libssh <no-dsa> (Minor issue)
 	[bookworm] - libssh <no-dsa> (Minor issue)
 	[bullseye] - libssh <postponed> (Minor issue)
@@ -13997,14 +13997,14 @@ CVE-2026-0966 [Buffer underflow in ssh_get_hexa() on invalid input]
 	NOTE: Tests: https://git.libssh.org/projects/libssh.git/commit/?id=b156391833c66322436cf177d57e10b0325fbcc8 (libssh-0.11.4)
 	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=6ba5ff1b7b1547a59f750fbc06b89737b7456117 (libssh-0.11.4)
 CVE-2026-0965 [Denial of Service via improper configuration file handling]
-	- libssh <unfixed> (bug #1127693)
+	- libssh 0.12.0-1 (bug #1127693)
 	[trixie] - libssh <no-dsa> (Minor issue)
 	[bookworm] - libssh <no-dsa> (Minor issue)
 	[bullseye] - libssh <postponed> (Minor issue)
 	NOTE: https://www.libssh.org/security/advisories/CVE-2026-0965.txt
 	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=bf390a042623e02abc8f421c4c5fadc0429a8a76 (libssh-0.11.4)
 CVE-2026-0964 [Improper sanitation of paths received from SCP servers]
-	- libssh <unfixed> (bug #1127693)
+	- libssh 0.12.0-1 (bug #1127693)
 	[trixie] - libssh <no-dsa> (Minor issue)
 	[bookworm] - libssh <no-dsa> (Minor issue)
 	[bullseye] - libssh <postponed> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca91c0af1e52152fe92ddafbc81955dd1d42cd1d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca91c0af1e52152fe92ddafbc81955dd1d42cd1d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260315/287df65e/attachment.htm>