projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bd0bb8b) | patch
package/openssh: add upstream security fix
authorBaruch Siach <baruch@tkos.co.il>
Tue, 15 Jan 2019 11:17:53 +0000 (13:17 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Tue, 15 Jan 2019 18:49:22 +0000 (19:49 +0100)
commit8233c666124890fff713ecb254993b52b1fa7674
tree4905511788912541ee0481127c9eb76256f6df0atree
parentbd0bb8b8f6c975de3c926359990da9308d08a9e0commit | diff
package/openssh: add upstream security fix

Fixes CVE-2018-20685: The scp client allows server to modify permissions
of the target directory by using empty ("D0777 0 \n") or dot ("D0777 0
.\n") directory name.

The bug reporter lists a number of related vulnerabilities that are not
fixed yet:

  https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/openssh/0001-upstream-disallow-empty-incoming-filename-or-ones-th.patch [new file with mode: 0644] blob