Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions debian/changelog
Original file line number Diff line number Diff line change
@@ -1,3 +1,12 @@
libssh2 (1.11.1-1deepin3) unstable; urgency=medium

* Fix CVE-2026-58051: fix potential arbitrary free in
libssh2_publickey_list_fetch() due to uninitialized list entry after
SSH2_REALLOC (upstream commit
a9758da45a52bc8c630ec9493804d0c6ea30b24a)

-- deepin-ci-robot <packages@deepin.org> Wed, 01 Jul 2026 13:40:18 +0800

libssh2 (1.11.1-1deepin2) unstable; urgency=medium

* Fix CVE-2026-7598: integer overflow in userauth_password
Expand Down
18 changes: 18 additions & 0 deletions debian/patches/CVE-2026-58051.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
Description: publickey: fix potential arbitrary free in libssh2_publickey_list_fetch()
Due to uninitialized list entry. After SSH2_REALLOC, zero-initialize
the new entry before parsing populates it, preventing a cleanup path
from operating on uninitialized data.
Origin: upstream, https://github.com/libssh2/libssh2/commit/a9758da45a52bc8c630ec9493804d0c6ea30b24a
Bug: https://github.com/libssh2/libssh2/pull/2127
Last-Update: 2026-07-01

--- a/src/publickey.c
+++ b/src/publickey.c
@@ -905,6 +905,7 @@ int libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY *pkey,
goto err_exit;
}
list = newlist;
+ memset(&list[keys], 0, sizeof(list[keys]));
}
if(pkey->version == 1) {
unsigned long comment_len;
1 change: 1 addition & 0 deletions debian/patches/series
Original file line number Diff line number Diff line change
Expand Up @@ -7,3 +7,4 @@
#maxpathlen.patch
#openssh-9.8.patch
CVE-2026-7598.patch
CVE-2026-58051.patch
Loading