Work done this month:
- Worked on libssh2
- The patch from jessie solving CVE-2019-17498 applies cleanly but it does not build. The reason is that it is using functions introduced by other patches from the jessie version.
- additional-bounds-checks-in-diffie_hellman_sha1.patch introduces libssh2_get_string
- CVE-2019-3859-3+CVE-2019-13115.patch introduces libssh2_get_u32
- A problem here is that CVE-2019-3859 was solved in a different way for stretch, but this can probably be solved by extracting those new functions from the patches above and introduce that as a separate fix.
- Anton took over from here after me reporting the status and how far I had analyzed it.
- The patch from jessie solving CVE-2019-17498 applies cleanly but it does not build. The reason is that it is using functions introduced by other patches from the jessie version.