SOURCES/CVE-2025-5318.patch

@@ -1,27 +0,0 @@
-From 9a08a370f68266f92df5a6037bd722041703df27 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Tue, 22 Apr 2025 21:18:44 +0200
-Subject: [PATCH] CVE-2025-5318: sftpserver: Fix possible buffer overrun
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
----
- src/sftpserver.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/sftpserver.c b/src/sftpserver.c
-index 9117f155..b3349e16 100644
---- a/src/sftpserver.c
-+++ b/src/sftpserver.c
-@@ -538,7 +538,7 @@ void *sftp_handle(sftp_session sftp, ssh_string handle){
- 
-   memcpy(&val, ssh_string_data(handle), sizeof(uint32_t));
- 
--  if (val > SFTP_HANDLES) {
-+  if (val >= SFTP_HANDLES) {
-     return NULL;
-   }
- 
--- 
-2.50.1
-

SOURCES/CVE-2025-5372.patch

@@ -1,42 +0,0 @@
-From 155df31305bee839041a04247645ad066ada95ee Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Wed, 14 May 2025 14:07:58 +0200
-Subject: [PATCH] CVE-2025-5372 libgcrypto: Simplify error checking and
- handling of return codes in ssh_kdf()
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
----
- src/libcrypto.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/src/libcrypto.c b/src/libcrypto.c
-index 3db75df6..88d93862 100644
---- a/src/libcrypto.c
-+++ b/src/libcrypto.c
-@@ -366,6 +366,7 @@ int ssh_kdf(struct ssh_crypto_struct *crypto,
-             int key_type, unsigned char *output,
-             size_t requested_len)
- {
-+    int ret = SSH_ERROR;
-     EVP_KDF_CTX *ctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF);
-     int rc;
- 
-@@ -401,10 +402,12 @@ int ssh_kdf(struct ssh_crypto_struct *crypto,
-         goto out;
-     }
- 
-+    ret = SSH_OK;
-+
- out:
-     EVP_KDF_CTX_free(ctx);
--    if (rc < 0) {
--        return rc;
-+    if (ret < 0) {
-+        return ret;
-     }
-     return 0;
- }
--- 
-2.51.0
-

SPECS/libssh.spec

@@ -1,6 +1,6 @@
 Name:           libssh
 Version:        0.9.6
-Release:        16%{?dist}
+Release:        14%{?dist}
 Summary:        A library implementing the SSH protocol
 License:        LGPLv2+
 URL:            http://www.libssh.org
@@ -20,8 +20,6 @@ Patch5:         covscan23.patch
 Patch6:         CVE-2023-48795.patch
 Patch7:         CVE-2023-6004.patch
 Patch8:         CVE-2023-6918.patch
-Patch9:         CVE-2025-5318.patch
-Patch10:        CVE-2025-5372.patch
 
 BuildRequires:  cmake
 BuildRequires:  doxygen
@@ -150,14 +148,6 @@ popd
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
 
 %changelog
-* Wed Nov 05 2025 Pavol Žáčik <pzacik@redhat.com> - 0.9.6-16
-- Fix CVE-2025-5372
-  Resolves: RHEL-121232
-
-* Tue Sep 30 2025 Pavol Žáčik <pzacik@redhat.com> - 0.9.6-15
-- Fix CVE-2025-5318
-  Resolves: RHEL-111724
-
 * Mon Feb 26 2024 Sahana Prasad <sahana@redhat.com> - 0.9.6-14
 - Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol (BPP)
 - Fix CVE-2023-6918 Missing checks for return values for digests