mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-01 13:49:03 +03:00
706ebc2e4c
Fixes CVE-2018-10933: authentication bypass vulnerability in the server
code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in
place of the SSH2_MSG_USERAUTH_REQUEST message which the server would
expect to initiate authentication, the attacker could successfully
authenticate without any credentials.
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
Drop an upstream patch.
Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit de24e47d90)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 lines
335 B
Plaintext
6 lines
335 B
Plaintext
# Locally calculated after checking pgp signature
|
|
# https://www.libssh.org/files/0.8/libssh-0.8.4.tar.xz.asc
|
|
# with key 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
|
|
sha256 6bb07713021a8586ba2120b2c36c468dc9ac8096d043f9b1726639aa4275b81b libssh-0.8.4.tar.xz
|
|
sha256 468cf08f784ef6fd3b3705b60dd8111e2b70fbb8f6549cd503665a6bbb3bc625 COPYING
|