mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-17 20:51:34 +03:00
0e418046b1
Fixes CVE-2018-20685: The scp client allows server to modify permissions
of the target directory by using empty ("D0777 0 \n") or dot ("D0777 0
.\n") directory name.
The bug reporter lists a number of related vulnerabilities that are not
fixed yet:
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8233c66612)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>