fix(libssh2): CVE-2026-58051, CVE-2026-58050 - publickey list fixes#7
fix(libssh2): CVE-2026-58051, CVE-2026-58050 - publickey list fixes#7deepin-ci-robot wants to merge 1 commit into
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
TAG Bot TAG: 1.11.1-1+deb13u1deepin2 |
892f80e to
5e5701f
Compare
5e5701f to
2e65fdc
Compare
|
\OBS CI build shows a service error on libssh2 (same on PR #6). |
5c4107c to
3670aaf
Compare
CVE-2026-58051: publickey list fetch uninitialized entry fix - Zero-initialize new list entry after SSH2_REALLOC - Upstream: libssh2/libssh2@a9758da CVE-2026-58050: publickey list fetch attribute overflow fix - Cap list size at 1024 elements to prevent integer overflow - Upstream: libssh2/libssh2@3449752 Co-authored-by: hudeng <hudeng@deepin.org>
3670aaf to
00fd9fd
Compare
|
/integrate |
|
AutoIntegrationPr Bot |
Summary
Fix two CVEs in libssh2 publickey list handling.
Changes
CVE-2026-58051: publickey list fetch uninitialized entry fix
CVE-2026-58050: publickey list fetch attribute overflow fix
Generated-By
deepseek-v4-flash (uos/deepseek-v4-flash)
Co-Authored-By
hudeng hudeng@deepin.org