projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c9bfe7b) | patch
package/putty: fix CVE-2021-36367
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Sat, 17 Jul 2021 09:16:19 +0000 (11:16 +0200)
committerYann E. MORIN <yann.morin.1998@free.fr>
Sat, 17 Jul 2021 10:02:21 +0000 (12:02 +0200)
commit1352b59eb2e48162af13d37287c00c23776b02bb
tree0e26d10ad42531d2c6f00ac1122fa79853571672tree
parentc9bfe7b19efa18d3c23aaf2f42628ac48846c18ccommit | diff
package/putty: fix CVE-2021-36367

PuTTY through 0.75 proceeds with establishing an SSH session even if it
has never sent a substantive authentication response. This makes it
easier for an attacker-controlled SSH server to present a later spoofed
authentication prompt (that the attacker can use to capture credential
data, and use that data for purposes that are undesired by the client
user).

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
package/putty/0002-New-option-to-reject-trivial-success-of-userauth.patch [new file with mode: 0644] blob
package/putty/putty.mk diff | blob | history