[Buildroot] [PATCH] package/openssh: add upstream security fix
Peter Korsgaard
peter at korsgaard.com
Thu Jan 24 16:26:55 UTC 2019
>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
> Fixes CVE-2018-20685: The scp client allows server to modify permissions
> of the target directory by using empty ("D0777 0 \n") or dot ("D0777 0
> .\n") directory name.
> The bug reporter lists a number of related vulnerabilities that are not
> fixed yet:
> https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
> Signed-off-by: Baruch Siach <baruch at tkos.co.il>
Committed to 2018.02.x and 2018.11.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list