Skip to content

[AUTO-CHERRYPICK] libssh2: patch CVE-2026-55200 (OOB write in transport read) - branch 3.0-dev#17808

Merged
jslobodzian merged 6 commits into
3.0-devfrom
cblmargh/cherry-pick-pr-17803-to-3.0-dev
Jun 26, 2026
Merged

[AUTO-CHERRYPICK] libssh2: patch CVE-2026-55200 (OOB write in transport read) - branch 3.0-dev#17808
jslobodzian merged 6 commits into
3.0-devfrom
cblmargh/cherry-pick-pr-17803-to-3.0-dev

Conversation

@CBL-Mariner-Bot

Copy link
Copy Markdown
Collaborator

This is an auto-generated pull request to cherry-pick commit c68dea1 to 3.0-dev. Original PR: #17803
In case of no merge conflicts, the PR is merged without approval because it's an automated cherry-pick of an already approved PR.
In case of merge conflicts, an AI-based conflict resolver will attempt to resolve conflicts and might make mistakes. The reviewer must check AI's work before approving.

Signed-off-by: Omkhar Arasaratnam <omkhar@linkedin.com>
Co-authored-by: Omkhar Arasaratnam <omkhar@linkedin.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
(cherry picked from commit c68dea1)
@CBL-Mariner-Bot CBL-Mariner-Bot added the Auto Fast-track Cherry-pick Automatic cherry-pick from fast-track branch label Jun 25, 2026
@CBL-Mariner-Bot CBL-Mariner-Bot marked this pull request as ready for review June 25, 2026 20:30
@CBL-Mariner-Bot CBL-Mariner-Bot requested a review from a team as a code owner June 25, 2026 20:30
@CBL-Mariner-Bot

Copy link
Copy Markdown
Collaborator Author

All conflicts resolved.

@CBL-Mariner-Bot

Copy link
Copy Markdown
Collaborator Author

Auto Cherry-Pick SPEC Validation Summary

libssh2 SPEC summary

Source (fasttrack) Target (3.0-dev) Resolved
Version 1.11.1 1.11.1 1.11.1
Release 3 2 3
Patches 2 1 2
Conflict Yes

⚠️ Validation issues:

  • Version-release 1.11.1-3 is not higher than Source 1.11.1-3
  • Duplicate changelog entry for 1.8.0-4 (appears 2 times)

⚠️ Manual review required — validation found issues that may need correction.

@kgodara912

kgodara912 commented Jun 26, 2026

Copy link
Copy Markdown

@copilot, in this, toolkit txt file changes, we have unnecessarily removed the entries of toolkit packages, bring them back and only update the libssh2 related entries with the version bump done in spec file

Copilot AI commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

@copilot, in this, toolkit txt file changes, we have unnecessarily removed the entries of toolkit packages, bring them back and only update the libssh2 related entries with the version bump done in sp...

Addressed in commit 9be3f29: restored the removed toolkit package entries in the manifest txt files and kept only the libssh2 entries updated to 1.11.1-3 to match the spec bump.

Copilot AI requested a review from kgodara912 June 26, 2026 05:31
@jslobodzian jslobodzian merged commit dbac30d into 3.0-dev Jun 26, 2026
24 of 27 checks passed
@jslobodzian jslobodzian deleted the cblmargh/cherry-pick-pr-17803-to-3.0-dev branch June 26, 2026 15:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

3.0-dev PRs Destined for AzureLinux 3.0 Auto Fast-track Cherry-pick Automatic cherry-pick from fast-track branch Automatic PR Packaging

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants