Version in base suite: 0.11.2-1

Base version: libssh_0.11.2-1
Target version: libssh_0.11.2-1+deb13u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/libs/libssh/libssh_0.11.2-1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/libs/libssh/libssh_0.11.2-1+deb13u1.dsc

 changelog                   |    7 ++
 patches/CVE-2025-8114.patch |   32 +++++++++
 patches/CVE-2025-8277.patch |  153 ++++++++++++++++++++++++++++++++++++++++++++
 patches/series              |    2 
 4 files changed, 194 insertions(+)

gpgv: Signature made Fri Nov  7 16:39:48 2025 UTC
gpgv:                using RSA key B6E62F3D12AC38495C0DA90510C293B6C37C4E36
gpgv: Note: signatures using the SHA1 algorithm are rejected
gpgv: Can't check signature: Bad public key
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpxfguk_tk/libssh_0.11.2-1+deb13u1.dsc: no acceptable signature found
diff -Nru libssh-0.11.2/debian/changelog libssh-0.11.2/debian/changelog
--- libssh-0.11.2/debian/changelog	2025-06-28 05:42:47.000000000 +0000
+++ libssh-0.11.2/debian/changelog	2025-11-03 23:32:14.000000000 +0000
@@ -1,3 +1,10 @@
+libssh (0.11.2-1+deb13u1) trixie; urgency=medium
+
+  * CVE-2025-8277 (Closes: #1114859)
+  * CVE-2025-8114 (Closes: #1109860)
+
+ -- Moritz Mühlenhoff <jmm@debian.org>  Tue, 04 Nov 2025 00:32:14 +0100
+
 libssh (0.11.2-1) unstable; urgency=medium
 
   * New upstream security/bug fix release:
diff -Nru libssh-0.11.2/debian/patches/CVE-2025-8114.patch libssh-0.11.2/debian/patches/CVE-2025-8114.patch
--- libssh-0.11.2/debian/patches/CVE-2025-8114.patch	1970-01-01 00:00:00.000000000 +0000
+++ libssh-0.11.2/debian/patches/CVE-2025-8114.patch	2025-11-03 23:32:14.000000000 +0000
@@ -0,0 +1,32 @@
+From 65f363c9e3a22b90af7f74b5c439a133b1047379 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 6 Aug 2025 15:17:59 +0200
+Subject: CVE-2025-8114: Fix NULL pointer dereference after allocation failure
+
+--- libssh-0.11.2.orig/src/kex.c
++++ libssh-0.11.2/src/kex.c
+@@ -1487,6 +1487,8 @@ int ssh_make_sessionid(ssh_session sessi
+     ssh_log_hexdump("hash buffer", ssh_buffer_get(buf), ssh_buffer_get_len(buf));
+ #endif
+ 
++    /* Set rc for the following switch statement in case we goto error. */
++    rc = SSH_ERROR;
+     switch (session->next_crypto->kex_type) {
+     case SSH_KEX_DH_GROUP1_SHA1:
+     case SSH_KEX_DH_GROUP14_SHA1:
+@@ -1546,6 +1548,7 @@ int ssh_make_sessionid(ssh_session sessi
+                session->next_crypto->secret_hash);
+         break;
+     }
++
+     /* During the first kex, secret hash and session ID are equal. However, after
+      * a key re-exchange, a new secret hash is calculated. This hash will not replace
+      * but complement existing session id.
+@@ -1554,6 +1557,7 @@ int ssh_make_sessionid(ssh_session sessi
+         session->next_crypto->session_id = malloc(session->next_crypto->digest_len);
+         if (session->next_crypto->session_id == NULL) {
+             ssh_set_error_oom(session);
++            rc = SSH_ERROR;
+             goto error;
+         }
+         memcpy(session->next_crypto->session_id, session->next_crypto->secret_hash,
diff -Nru libssh-0.11.2/debian/patches/CVE-2025-8277.patch libssh-0.11.2/debian/patches/CVE-2025-8277.patch
--- libssh-0.11.2/debian/patches/CVE-2025-8277.patch	1970-01-01 00:00:00.000000000 +0000
+++ libssh-0.11.2/debian/patches/CVE-2025-8277.patch	2025-11-03 23:32:14.000000000 +0000
@@ -0,0 +1,153 @@
+Consists of these fixes upstream:
+
+From 87db2659ec608a977a63eea529f17b9168388d73 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Tue, 5 Aug 2025 18:42:31 +0200
+Subject: CVE-2025-8277: packet: Adjust packet filter to work when DH-GEX is
+ guessed wrongly
+
+From 266174a6d36687b65cf90174f06af90b8b27c65f Mon Sep 17 00:00:00 2001
+From: Francesco Rollo <eferollo@gmail.com>
+Date: Thu, 24 Jul 2025 16:30:07 +0300
+Subject: CVE-2025-8277: Fix memory leak of unused ephemeral key pair after
+ client's wrong KEX guess
+
+From 8e4d67aa9eda455bfad9ac610e54b7a548d0aa08 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Wed, 6 Aug 2025 11:10:38 +0200
+Subject: CVE-2025-8277: ecdh: Free previously allocated pubkeys
+
+From 1c763e29d138db87665e98983f468d2dd0f286c1 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Wed, 6 Aug 2025 15:32:56 +0200
+Subject: CVE-2025-8277: mbedtls: Avoid leaking ecdh keys
+
+--- libssh-0.11.2.orig/src/dh_crypto.c
++++ libssh-0.11.2/src/dh_crypto.c
+@@ -407,6 +407,11 @@ int ssh_dh_init_common(struct ssh_crypto
+     struct dh_ctx *ctx = NULL;
+     int rc;
+ 
++    /* Cleanup any previously allocated dh_ctx */
++    if (crypto->dh_ctx != NULL) {
++        ssh_dh_cleanup(crypto);
++    }
++
+     ctx = calloc(1, sizeof(*ctx));
+     if (ctx == NULL) {
+         return SSH_ERROR;
+--- libssh-0.11.2.orig/src/dh_key.c
++++ libssh-0.11.2/src/dh_key.c
+@@ -237,6 +237,11 @@ int ssh_dh_init_common(struct ssh_crypto
+     struct dh_ctx *ctx = NULL;
+     int rc;
+ 
++    /* Cleanup any previously allocated dh_ctx */
++    if (crypto->dh_ctx != NULL) {
++        ssh_dh_cleanup(crypto);
++    }
++
+     ctx = calloc(1, sizeof(*ctx));
+     if (ctx == NULL) {
+         return SSH_ERROR;
+--- libssh-0.11.2.orig/src/ecdh_crypto.c
++++ libssh-0.11.2/src/ecdh_crypto.c
+@@ -191,6 +191,17 @@ static ssh_string ssh_ecdh_generate(ssh_
+ #endif /* OPENSSL_VERSION_NUMBER */
+         return NULL;
+     }
++
++    /* Free any previously allocated privkey */
++    if (session->next_crypto->ecdh_privkey != NULL) {
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
++        EC_KEY_free(session->next_crypto->ecdh_privkey);
++#else
++        EVP_PKEY_free(session->next_crypto->ecdh_privkey);
++#endif
++        session->next_crypto->ecdh_privkey = NULL;
++    }
++
+     session->next_crypto->ecdh_privkey = key;
+     return pubkey_string;
+ }
+@@ -219,6 +230,7 @@ int ssh_client_ecdh_init(ssh_session ses
+         return SSH_ERROR;
+     }
+ 
++    ssh_string_free(session->next_crypto->ecdh_client_pubkey);
+     session->next_crypto->ecdh_client_pubkey = client_pubkey;
+ 
+     /* register the packet callbacks */
+--- libssh-0.11.2.orig/src/ecdh_gcrypt.c
++++ libssh-0.11.2/src/ecdh_gcrypt.c
+@@ -101,8 +101,15 @@ int ssh_client_ecdh_init(ssh_session ses
+         goto out;
+     }
+ 
++    /* Free any previously allocated privkey */
++    if (session->next_crypto->ecdh_privkey != NULL) {
++        gcry_sexp_release(session->next_crypto->ecdh_privkey);
++        session->next_crypto->ecdh_privkey = NULL;
++    }
+     session->next_crypto->ecdh_privkey = key;
+     key = NULL;
++
++    SSH_STRING_FREE(session->next_crypto->ecdh_client_pubkey);
+     session->next_crypto->ecdh_client_pubkey = client_pubkey;
+     client_pubkey = NULL;
+ 
+--- libssh-0.11.2.orig/src/ecdh_mbedcrypto.c
++++ libssh-0.11.2/src/ecdh_mbedcrypto.c
+@@ -70,6 +70,12 @@ int ssh_client_ecdh_init(ssh_session ses
+         return SSH_ERROR;
+     }
+ 
++    /* Free any previously allocated privkey */
++    if (session->next_crypto->ecdh_privkey != NULL) {
++        mbedtls_ecp_keypair_free(session->next_crypto->ecdh_privkey);
++        SAFE_FREE(session->next_crypto->ecdh_privkey);
++    }
++
+     session->next_crypto->ecdh_privkey = malloc(sizeof(mbedtls_ecp_keypair));
+     if (session->next_crypto->ecdh_privkey == NULL) {
+         return SSH_ERROR;
+@@ -110,6 +116,7 @@ int ssh_client_ecdh_init(ssh_session ses
+         goto out;
+     }
+ 
++    SSH_STRING_FREE(session->next_crypto->ecdh_client_pubkey);
+     session->next_crypto->ecdh_client_pubkey = client_pubkey;
+     client_pubkey = NULL;
+ 
+--- libssh-0.11.2.orig/src/packet.c
++++ libssh-0.11.2/src/packet.c
+@@ -294,6 +294,7 @@ static enum ssh_packet_filter_result_e s
+          *   or session_state == SSH_SESSION_STATE_INITIAL_KEX
+          * - dh_handshake_state == DH_STATE_INIT
+          *   or dh_handshake_state == DH_STATE_INIT_SENT (re-exchange)
++         *   or dh_handshake_state == DH_STATE_REQUEST_SENT (dh-gex)
+          *   or dh_handshake_state == DH_STATE_FINISHED (re-exchange)
+          *
+          * Transitions:
+@@ -313,6 +314,7 @@ static enum ssh_packet_filter_result_e s
+ 
+         if ((session->dh_handshake_state != DH_STATE_INIT) &&
+             (session->dh_handshake_state != DH_STATE_INIT_SENT) &&
++            (session->dh_handshake_state != DH_STATE_REQUEST_SENT) &&
+             (session->dh_handshake_state != DH_STATE_FINISHED))
+         {
+             rc = SSH_PACKET_DENIED;
+--- libssh-0.11.2.orig/src/wrapper.c
++++ libssh-0.11.2/src/wrapper.c
+@@ -181,7 +181,10 @@ void crypto_free(struct ssh_crypto_struc
+ #endif /* OPENSSL_VERSION_NUMBER */
+ #elif defined HAVE_GCRYPT_ECC
+         gcry_sexp_release(crypto->ecdh_privkey);
+-#endif
++#elif defined HAVE_LIBMBEDCRYPTO
++        mbedtls_ecp_keypair_free(crypto->ecdh_privkey);
++        SAFE_FREE(crypto->ecdh_privkey);
++#endif /* HAVE_LIBGCRYPT */
+         crypto->ecdh_privkey = NULL;
+     }
+ #endif
diff -Nru libssh-0.11.2/debian/patches/series libssh-0.11.2/debian/patches/series
--- libssh-0.11.2/debian/patches/series	2025-06-28 05:42:47.000000000 +0000
+++ libssh-0.11.2/debian/patches/series	2025-11-03 23:32:14.000000000 +0000
@@ -1,3 +1,5 @@
 1003-custom-lib-names.patch
 2003-disable-expand_tilde_unix-test.patch
 2004-install-static-lib.patch
+CVE-2025-8277.patch
+CVE-2025-8114.patch