[Buildroot] [PATCH v2 1/1] package/openssh: security bump to version 8.4p1
christian at paral.in
Mon Mar 1 12:00:59 UTC 2021
On Mon, Mar 1, 2021 at 3:59 AM Christian Stewart <christian at paral.in> wrote:
> From: Baruch Siach <baruch at tkos.co.il>
...sigh... not sure why Git decided Baruch was the author of this one.
> Fixes CVE-2020-15778: scp in OpenSSH through 8.3p1 allows command injection in
> the scp.c toremote function, as demonstrated by backtick characters in the
> destination argument. NOTE: the vendor reportedly has stated that they
> intentionally omit validation of "anomalous argument transfers" because that
> could "stand a great chance of breaking existing workflows."
This vulnerability still exists in openssh in Buildroot 2021.02-rc3.