[Buildroot] [PATCH] package/openssh: add upstream security fix

Peter Korsgaard peter at korsgaard.com
Tue Jan 15 18:52:13 UTC 2019


>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:

 > Fixes CVE-2018-20685: The scp client allows server to modify permissions
 > of the target directory by using empty ("D0777 0 \n") or dot ("D0777 0
 > .\n") directory name.

 > The bug reporter lists a number of related vulnerabilities that are not
 > fixed yet:

 >   https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt

Committed, thanks.

The vulnerability unfortunately does not mention dropbear. I wonder if a
similar fix is needed there?

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list