24 changes: 24 additions & 0 deletions advisories/published/2025/JLSEC-0000-mntrvqww8-ji3oac.md
@@ -0,0 +1,24 @@
```toml
schema_version = "1.7.4"
id = "JLSEC-0000-mntrvqww8-ji3oac"
modified = 2025-11-29T03:32:16.520Z
upstream = ["CVE-2025-5987"]
references = ["https://access.redhat.com/security/cve/CVE-2025-5987", "https://bugzilla.redhat.com/show_bug.cgi?id=2376219"]

[[affected]]
pkg = "libssh_jll"
ranges = ["< 0.11.3+0"]

[[jlsec_sources]]
id = "CVE-2025-5987"
imported = 2025-11-29T03:32:16.520Z
modified = 2025-11-28T19:09:30.720Z
published = 2025-07-07T15:15:28.180Z
url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-5987"
html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-5987"
```

# A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
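
Review bot: the top-level block of this new file has `modified` but no `published`, and its `id = "JLSEC-0000-mntrvqww8-ji3oac"` does not follow the `JLSEC-2025-196` form used by the other advisory in this change, although the file sits under `advisories/published/2025/`. Please confirm that both are assigned by a later step, or set them here. Separately, the `#` heading repeats the first sentence of the description word for word; a shorter title that names the defect (the OpenSSL error return that aliases `SSH_OK` during ChaCha20 cipher setup) would be more useful in listings than a truncated copy of the body.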

6 changes: 3 additions & 3 deletions advisories/published/2025/JLSEC-2025-196.md
Expand Up @@ -4,16 +4,16 @@ id = "JLSEC-2025-196"
modified = 2025-10-31T18:41:21.318Z
published = 2025-10-28T13:50:46.694Z
upstream = ["CVE-2025-6021"]
references = ["https://access.redhat.com/errata/RHSA-2025:10630", "https://access.redhat.com/errata/RHSA-2025:10698", "https://access.redhat.com/errata/RHSA-2025:10699", "https://access.redhat.com/errata/RHSA-2025:11580", "https://access.redhat.com/errata/RHSA-2025:12098", "https://access.redhat.com/errata/RHSA-2025:12099", "https://access.redhat.com/errata/RHSA-2025:12199", "https://access.redhat.com/errata/RHSA-2025:12237", "https://access.redhat.com/errata/RHSA-2025:12239", "https://access.redhat.com/errata/RHSA-2025:12240", "https://access.redhat.com/errata/RHSA-2025:12241", "https://access.redhat.com/errata/RHSA-2025:13267", "https://access.redhat.com/errata/RHSA-2025:13289", "https://access.redhat.com/errata/RHSA-2025:13325", "https://access.redhat.com/errata/RHSA-2025:13335", "https://access.redhat.com/errata/RHSA-2025:13336", "https://access.redhat.com/errata/RHSA-2025:14059", "https://access.redhat.com/errata/RHSA-2025:14396", "https://access.redhat.com/errata/RHSA-2025:15308", "https://access.redhat.com/errata/RHSA-2025:15672", "https://access.redhat.com/errata/RHSA-2025:19020", "https://access.redhat.com/security/cve/CVE-2025-6021", "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926"]
references = ["https://access.redhat.com/errata/RHSA-2025:10630", "https://access.redhat.com/errata/RHSA-2025:10698", "https://access.redhat.com/errata/RHSA-2025:10699", "https://access.redhat.com/errata/RHSA-2025:11580", "https://access.redhat.com/errata/RHSA-2025:11673", "https://access.redhat.com/errata/RHSA-2025:12098", "https://access.redhat.com/errata/RHSA-2025:12099", "https://access.redhat.com/errata/RHSA-2025:12199", "https://access.redhat.com/errata/RHSA-2025:12237", "https://access.redhat.com/errata/RHSA-2025:12239", "https://access.redhat.com/errata/RHSA-2025:12240", "https://access.redhat.com/errata/RHSA-2025:12241", "https://access.redhat.com/errata/RHSA-2025:13267", "https://access.redhat.com/errata/RHSA-2025:13289", "https://access.redhat.com/errata/RHSA-2025:13325", "https://access.redhat.com/errata/RHSA-2025:13335", "https://access.redhat.com/errata/RHSA-2025:13336", "https://access.redhat.com/errata/RHSA-2025:14059", "https://access.redhat.com/errata/RHSA-2025:14396", "https://access.redhat.com/errata/RHSA-2025:15308", "https://access.redhat.com/errata/RHSA-2025:15672", "https://access.redhat.com/errata/RHSA-2025:19020", "https://access.redhat.com/security/cve/CVE-2025-6021", "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926"]

[[affected]]
pkg = "XML2_jll"
ranges = ["< 2.14.4+0"]

[[jlsec_sources]]
id = "CVE-2025-6021"
imported = 2025-10-28T18:09:09.649Z
modified = 2025-10-27T18:15:44.393Z
imported = 2025-11-29T03:32:14.613Z
modified = 2025-11-29T01:16:03.137Z
published = 2025-06-12T13:15:25.590Z
url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-6021"
html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-6021"
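
Review bot: the top-level `modified = 2025-10-31T18:41:21.318Z` is left as unchanged context even though this hunk changes `references` (adding RHSA-2025:11673 and the debian-lts-announce link) and moves the `[[jlsec_sources]]` `imported`/`modified` stamps to 2025-11-29. The new libssh advisory in this same change sets its top-level `modified` equal to the import time, so consumers that key on the top-level `modified` would miss this update; bump it here or note why it is meant to stay fixed.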