Version in base suite: 0.8.7-1 Base version: libssh_0.8.7-1 Target version: libssh_0.8.7-1+deb10u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/libs/libssh/libssh_0.8.7-1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/libs/libssh/libssh_0.8.7-1+deb10u1.dsc changelog | 7 ++ patches/0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-AES-CT.patch | 32 ++++++++++ patches/series | 1 3 files changed, 40 insertions(+)
diff -Nru libssh-0.8.7/debian/changelog libssh-0.8.7/debian/changelog
--- libssh-0.8.7/debian/changelog 2019-05-23 08:55:12.000000000 +0000
+++ libssh-0.8.7/debian/changelog 2020-04-28 11:40:28.000000000 +0000
@@ -1,3 +1,10 @@
+libssh (0.8.7-1+deb10u1) buster; urgency=medium
+
+ * Fix possible DoS in client and server when handling AES-CTR keys with
+ OpenSSL, cherry-picked from upstream (Closes: #956308 CVE-2020-1730)
+
+ -- Laurent Bigonville Tue, 28 Apr 2020 13:40:28 +0200
+
 libssh (0.8.7-1) unstable; urgency=medium
 
 * New upstream bug fix release 0.8.7.
diff -Nru libssh-0.8.7/debian/patches/0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-AES-CT.patch libssh-0.8.7/debian/patches/0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-AES-CT.patch
--- libssh-0.8.7/debian/patches/0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-AES-CT.patch 1970-01-01 00:00:00.000000000 +0000
+++ libssh-0.8.7/debian/patches/0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-AES-CT.patch 2020-04-28 11:40:28.000000000 +0000
@@ -0,0 +1,32 @@
+From: Andreas Schneider
+Date: Tue, 11 Feb 2020 11:52:33 +0100
+Subject: CVE-2020-1730: Fix a possible segfault when zeroing AES-CTR key
+
+Fixes T213
+
+Signed-off-by: Andreas Schneider
+Reviewed-by: Anderson Toshiyuki Sasaki
+(cherry picked from commit b36272eac1b36982598c10de7af0a501582de07a)
+---
+ src/libcrypto.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/libcrypto.c b/src/libcrypto.c
+index 340a3e6..b3285e0 100644
+--- a/src/libcrypto.c
++++ b/src/libcrypto.c
+@@ -636,8 +636,12 @@ static void aes_ctr_encrypt(struct ssh_cipher_struct *cipher, void *in, void *ou
+ }
+
+ static void aes_ctr_cleanup(struct ssh_cipher_struct *cipher){
+- explicit_bzero(cipher->aes_key, sizeof(*cipher->aes_key));
+- SAFE_FREE(cipher->aes_key);
++ if (cipher != NULL) {
++ if (cipher->aes_key != NULL) {
++ explicit_bzero(cipher->aes_key, sizeof(*cipher->aes_key));
++ }
++ SAFE_FREE(cipher->aes_key);
++ }
+ }
+
+ #endif /* HAVE_OPENSSL_EVP_AES_CTR */
diff -Nru libssh-0.8.7/debian/patches/series libssh-0.8.7/debian/patches/series
--- libssh-0.8.7/debian/patches/series 2019-05-23 08:55:12.000000000 +0000
+++ libssh-0.8.7/debian/patches/series 2020-04-28 11:40:28.000000000 +0000
@@ -1,2 +1,3 @@
+0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-AES-CT.patch
 1003-custom-lib-names.patch
 2003-disable-expand_tilde_unix-test.patch
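Review bot: The new guards in `aes_ctr_cleanup()` have no comment saying when `cipher->aes_key` can be NULL at cleanup time, so a later reader cannot tell an expected state from a masked bug. I would add above the inner check something like `/* aes_key is only allocated once a key has been set; cleanup can run before that */`, presumably the case where the cipher is torn down before its key was set, which should be confirmed against the callers. The embedded patch's diffstat lists only `src/libcrypto.c`, so the backport ships no regression test that runs cleanup on a cipher with no key. The other cipher cleanup callbacks in that file are outside this hunk and are worth checking for the same unguarded `explicit_bzero(ptr, sizeof(*ptr))` pattern.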