[Buildroot] [PATCH v2 1/1] package/openssh: security bump to version 8.4p1
Peter Korsgaard
peter at korsgaard.com
Sat Mar 13 15:00:14 UTC 2021
>>>>> "Christian" == Christian Stewart <christian at paral.in> writes:
> From: Baruch Siach <baruch at tkos.co.il>
> Fixes CVE-2020-15778: scp in OpenSSH through 8.3p1 allows command injection in
> the scp.c toremote function, as demonstrated by backtick characters in the
> destination argument. NOTE: the vendor reportedly has stated that they
> intentionally omit validation of "anomalous argument transfers" because that
> could "stand a great chance of breaking existing workflows."
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15778
> Signed-off-by: Christian Stewart <christian at paral.in>
Committed to 2020.02.x and 2020.11.x, thanks.
--
Bye, Peter Korsgaard