libssh: security bump to version 0.8.4

Fixes CVE-2018-10933: authentication bypass vulnerability in the server
code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in
place of the SSH2_MSG_USERAUTH_REQUEST message which the server would
expect to initiate authentication, the attacker could successfully
authenticate without any credentials.

  https://www.libssh.org/security/advisories/CVE-2018-10933.txt

Drop an upstream patch.

Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit de24e47d90)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach
2018-10-16 15:31:08 +03:00
committed by Peter Korsgaard
parent a1bc7d71d7
commit 61b2dcb49e
3 changed files with 3 additions and 33 deletions


@@ -5,7 +5,7 @@
################################################################################
LIBSSH_VERSION_MAJOR = 0.8
LIBSSH_VERSION = $(LIBSSH_VERSION_MAJOR).3
LIBSSH_VERSION = $(LIBSSH_VERSION_MAJOR).4
LIBSSH_SOURCE = libssh-$(LIBSSH_VERSION).tar.xz
LIBSSH_SITE = https://www.libssh.org/files/$(LIBSSH_VERSION_MAJOR)
LIBSSH_LICENSE = LGPL-2.1
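
Review bot: changing LIBSSH_VERSION to $(LIBSSH_VERSION_MAJOR).4 also changes the tarball name that LIBSSH_SOURCE expands to, so the package's hash file needs a matching entry for libssh-0.8.4.tar.xz. That file is not visible in this hunk, so confirm it is among the 3 changed files and that its checksum was taken from the release published under LIBSSH_SITE. Separately, the commit message says "Drop an upstream patch" without naming it; stating which patch file was removed, and that 0.8.4 already carries it, would make the 33 deletions easier to audit on a security bump.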