Add back Security section to 0.12.0 changelog

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
Jakub Jelen
2026-02-12 14:54:06 +01:00
parent f13a8d7ced
commit f8cba20859

@@ -2,6 +2,17 @@ CHANGELOG
========= =========
version 0.12.0 (released 2026-02-10) version 0.12.0 (released 2026-02-10)
* Security:
* CVE-2025-14821: libssh loads configuration files from the C:\etc directory
on Windows
* CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request()
* CVE-2026-0965: Possible Denial of Service when parsing unexpected
configuration files
* CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input
* CVE-2026-0967: Specially crafted patterns could cause DoS
* CVE-2026-0968: OOB Read in sftp_parse_longname()
* libssh-2026-sftp-extensions: Read buffer overrun when handling SFTP
extensions
* Deprecations and removals: * Deprecations and removals:
* Bumped minimal RSA key size to 1024 bits * Bumped minimal RSA key size to 1024 bits
* New functionality: * New functionality:
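
Review bot: The CVE-2026-0967 entry ("Specially crafted patterns could cause DoS") does not say which patterns or which code path is affected, unlike the neighbouring entries that name ssh_scp_pull_request(), ssh_get_hexa() and sftp_parse_longname(). Consider naming the affected function or feature so users can judge their exposure from the changelog alone. The last entry, libssh-2026-sftp-extensions, is the only one without a CVE number, so a few words saying what kind of identifier it is would help readers who search the changelog by CVE id.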