git.libre-soc.org Git - buildroot.git/commit

author	Baruch Siach <baruch@tkos.co.il>
	Tue, 16 Oct 2018 12:31:08 +0000 (15:31 +0300)
committer	Peter Korsgaard <peter@korsgaard.com>
	Tue, 16 Oct 2018 12:45:15 +0000 (14:45 +0200)
commit	de24e47d90f64f546978b6ec12f769dc4fd89587
tree	fe9c3f3326dcbeca118dcae3074272947d7699de	tree
parent	ea5525e116c95310777351415b527a3b26078193	commit \| diff

libssh: security bump to version 0.8.4

Fixes CVE-2018-10933: authentication bypass vulnerability in the server
code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in
place of the SSH2_MSG_USERAUTH_REQUEST message which the server would
expect to initiate authentication, the attacker could successfully
authenticate without any credentials.

https://www.libssh.org/security/advisories/CVE-2018-10933.txt

Drop an upstream patch.

Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libssh/0001-config-Fix-building-without-globbing-support.patch	[deleted file]	blob \| history
package/libssh/libssh.hash		diff \| blob \| history
package/libssh/libssh.mk		diff \| blob \| history