[Buildroot] [PATCH 1/2] libssh: security bump to version 0.7.3

Gustavo Zacarias gustavo at zacarias.com.ar
Wed Feb 24 12:01:43 UTC 2016


Fixes:
CVE-2016-0739 - Bits/bytes confusion resulting in truncated
Difffie-Hellman secret length.

Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
---
 package/libssh/libssh.hash | 6 +++---
 package/libssh/libssh.mk   | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package/libssh/libssh.hash b/package/libssh/libssh.hash
index 49bf6c9..1eef804 100644
--- a/package/libssh/libssh.hash
+++ b/package/libssh/libssh.hash
@@ -1,4 +1,4 @@
 # from https://red.libssh.org/projects/libssh/files/
-md5	5d7d468937649a6dfc6186edfff083db	libssh-0.7.2.tar.xz
-# Locally calculated after checking signature on uncompressed libssh-0.7.2.tar
-sha256	a32c45b9674141cab4bde84ded7d53e931076c6b0f10b8fd627f3584faebae62  libssh-0.7.2.tar.xz
+md5	05465da8004f3258db946346213209de	libssh-0.7.3.tar.xz
+# Locally calculated after checking signature on uncompressed libssh-0.7.3.tar
+sha256	26ef46be555da21112c01e4b9f5e3abba9194485c8822ab55ba3d6496222af98  libssh-0.7.3.tar.xz
diff --git a/package/libssh/libssh.mk b/package/libssh/libssh.mk
index d425ff0..29bbf4e 100644
--- a/package/libssh/libssh.mk
+++ b/package/libssh/libssh.mk
@@ -4,9 +4,9 @@
 #
 ################################################################################
 
-LIBSSH_VERSION = 0.7.2
+LIBSSH_VERSION = 0.7.3
 LIBSSH_SOURCE = libssh-$(LIBSSH_VERSION).tar.xz
-LIBSSH_SITE = https://red.libssh.org/attachments/download/177
+LIBSSH_SITE = https://red.libssh.org/attachments/download/195
 LIBSSH_LICENSE = LGPLv2.1
 LIBSSH_LICENSE_FILES = COPYING
 LIBSSH_INSTALL_STAGING = YES
-- 
2.4.10



More information about the buildroot mailing list