[Buildroot] [PATCH] openssh: security bump to version 7.8

Peter Korsgaard peter at korsgaard.com
Tue Aug 28 14:14:17 UTC 2018


>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:

 > Fixes CVE-2018-15473: user enumeration vulnerability due to not delaying
 > bailout for an invalid authenticating user until after the packet
 > containing the request has been fully parsed.

 > Some OpenSSH developers don't consider this a security issue:

 >   https://lists.mindrot.org/pipermail/openssh-unix-dev/2018-August/037138.html

 > Signed-off-by: Baruch Siach <baruch at tkos.co.il>

Committed to 2018.02.x and 2018.05.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list