Skip to content

fix(libssh2): CVE-2026-58050#6

Closed
deepin-ci-robot wants to merge 1 commit into
masterfrom
fix/CVE-2026-58050
Closed

fix(libssh2): CVE-2026-58050#6
deepin-ci-robot wants to merge 1 commit into
masterfrom
fix/CVE-2026-58050

Conversation

@deepin-ci-robot

Copy link
Copy Markdown
Contributor

Security Update


Generated by AI

Fix potential multiplication overflow in 32-bit
libssh2_publickey_list_fetch(). An attacker-controlled 32-bit attribute
count could overflow the multiplication num_attrs * sizeof(...) on 32-bit
platforms, leading to an undersized buffer and subsequent heap overflow.
Cap list size at 1024 elements.

Upstream: libssh2/libssh2@3449752
Generated-By: deepseek-v4-flash
Co-Authored-By: hudeng <hudeng@deepin.org>
@deepin-ci-robot

Copy link
Copy Markdown
Contributor Author

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign goldendeng for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

TAG Bot

TAG: 1.11.1-1deepin4
EXISTED: no
DISTRIBUTION: unstable

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants