Version in base suite: 1.9.0-2

Base version: libssh2_1.9.0-2
Target version: libssh2_1.9.0-2+deb11u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/libs/libssh2/libssh2_1.9.0-2.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/libs/libssh2/libssh2_1.9.0-2+deb11u1.dsc

 changelog                    |    7 +++++++
 copyright                    |    2 +-
 patches/CVE-2020-22218.patch |   14 ++++++++++++++
 patches/series               |    1 +
 4 files changed, 23 insertions(+), 1 deletion(-)

diff -Nru libssh2-1.9.0/debian/changelog libssh2-1.9.0/debian/changelog
--- libssh2-1.9.0/debian/changelog	2020-12-14 15:02:16.000000000 +0000
+++ libssh2-1.9.0/debian/changelog	2023-11-29 12:00:07.000000000 +0000
@@ -1,3 +1,10 @@
+libssh2 (1.9.0-2+deb11u1) bullseye; urgency=medium
+
+  * Fix CVE-2020-22218: missing check in _libssh2_packet_add() allows
+    attackers to access out of bounds memory.
+
+ -- Nicolas Mora <babelouest@debian.org>  Wed, 29 Nov 2023 07:00:07 -0500
+
 libssh2 (1.9.0-2) unstable; urgency=medium
 
   * d/control: Fix VCS URIs
diff -Nru libssh2-1.9.0/debian/copyright libssh2-1.9.0/debian/copyright
--- libssh2-1.9.0/debian/copyright	2020-12-07 01:05:35.000000000 +0000
+++ libssh2-1.9.0/debian/copyright	2023-11-29 12:00:07.000000000 +0000
@@ -14,7 +14,7 @@
 
 Files: debian/*
 Copyright: 2007-2018 Mikhail Gusarov <dottedmag@debian.org>
-           2020 Nicolas Mora <babelouest@debian.org>
+           2020-2023 Nicolas Mora <babelouest@debian.org>
 License: BSD3
 
 License: BSD3
diff -Nru libssh2-1.9.0/debian/patches/CVE-2020-22218.patch libssh2-1.9.0/debian/patches/CVE-2020-22218.patch
--- libssh2-1.9.0/debian/patches/CVE-2020-22218.patch	1970-01-01 00:00:00.000000000 +0000
+++ libssh2-1.9.0/debian/patches/CVE-2020-22218.patch	2023-11-29 12:00:07.000000000 +0000
@@ -0,0 +1,14 @@
+Description: Fix CVE-2020-22218
+Author: Nicolas Mora <babelouest@debian.org>
+Forwarded: not-needed
+--- a/src/transport.c
++++ b/src/transport.c
+@@ -472,7 +472,7 @@
+             /* Get a packet handle put data into. We get one to
+                hold all data, including padding and MAC. */
+             p->payload = LIBSSH2_ALLOC(session, total_num);
+-            if(!p->payload) {
++            if(total_num == 0 || !p->payload) {
+                 return LIBSSH2_ERROR_ALLOC;
+             }
+             p->total_num = total_num;
diff -Nru libssh2-1.9.0/debian/patches/series libssh2-1.9.0/debian/patches/series
--- libssh2-1.9.0/debian/patches/series	2020-12-07 01:05:36.000000000 +0000
+++ libssh2-1.9.0/debian/patches/series	2023-11-29 12:00:07.000000000 +0000
@@ -1,3 +1,4 @@
+CVE-2020-22218.patch
 manpage.patch
 0001-Add-lgpg-error-to-.pc-to-facilitate-static-linking.patch
 0001-Do-not-expose-private-libraries-nor-link-flags-to-us.patch