Community Packages

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#44148 - [lib32-libssh2] CVE-2015-1782: out-of-bounds access to SSH_MSG_KEXINIT data

Attached to Project: Community Packages
Opened by Levente Polyak (anthraxx) - Wednesday, 11 March 2015, 12:02 GMT
Last edited by Doug Newgard (Scimmia) - Wednesday, 11 March 2015, 14:59 GMT
Task Type Bug Report
Category Packages: Multilib
Status Closed
Assigned To No-one
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


It has been reported [0] that libssh2 <= 1.4.3 is vulnerable to out-of-bounds memory access while reading SSH_MSG_KEXINIT data.
The related non-lib32 bug:

It is recommended to either upgrade to 1.5.0 to mitigate this issue or apply a patch provided in the advisory.

This task depends upon

Closed by  Doug Newgard (Scimmia)
Wednesday, 11 March 2015, 14:59 GMT
Reason for closing:  Fixed
Additional comments about closing:  multilib-testing/lib32-libssh2-1.5.0-1