[Buildroot] [PATCH] package/openssh: add upstream security fix
peter at korsgaard.com
Tue Jan 15 18:52:13 UTC 2019
>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
> Fixes CVE-2018-20685: The scp client allows server to modify permissions
> of the target directory by using empty ("D0777 0 \n") or dot ("D0777 0
> .\n") directory name.
> The bug reporter lists a number of related vulnerabilities that are not
> fixed yet:
The vulnerability unfortunately does not mention dropbear. I wonder if a
similar fix is needed there?
Bye, Peter Korsgaard
More information about the buildroot