Comment 4 for bug 1805348

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libssh - 0.6.1-0ubuntu3.5

---------------
libssh (0.6.1-0ubuntu3.5) trusty-security; urgency=medium

  * SECURITY REGRESSION: fix multiple regressions (LP: #1805348)
    - debian/patches/CVE-2018-10933-regression.patch: set correct state
      after sending INFO_REQUEST in src/server.c.
    - debian/patches/CVE-2018-10933-regression2.patch: add missing break in
      src/packet.c.
    - debian/patches/CVE-2018-10933-regression3.patch: set correct state
      after sending GSSAPI_RESPONSE in src/gssapi.c.

 -- Marc Deslauriers <email address hidden> Tue, 27 Nov 2018 10:05:25 -0500