* [Buildroot] [git commit] openssh: security bump to version 7.1p2
@ 2016-01-14 19:13 Peter Korsgaard
0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2016-01-14 19:13 UTC (permalink / raw)
To: buildroot
commit: http://git.buildroot.net/buildroot/commit/?id=2ff0e32e254e3ee6d96f6b13b7bf182b4e1def73
branch: http://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Fixes:
CVE-2016-0777 - Client Information leak from use of roaming connection
feature.
CVE-2016-0778 - A buffer overflow flaw was found in the way the OpenSSH
client roaming feature was implemented. A malicious server could
potentially use this flaw to execute arbitrary code on a successfully
authenticated OpenSSH client if that client used certain non-default
configuration options.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: James Knight <james.knight@rockwellcollins.com>
Tested-by: James Knight <james.knight@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/openssh/openssh.hash | 5 ++---
package/openssh/openssh.mk | 2 +-
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/package/openssh/openssh.hash b/package/openssh/openssh.hash
index 84f0667..b93b4a9 100644
--- a/package/openssh/openssh.hash
+++ b/package/openssh/openssh.hash
@@ -1,4 +1,3 @@
# Locally calculated after checking pgp signature
-# Also from http://www.openssh.com/txt/release-7.1 (sha256 is base64 encoded)
-# Decode with -> echo <encoded stuff>|base64 -d|hexdump -v -e '/1 "%02x"'
-sha256 fc0a6d2d1d063d5c66dffd952493d0cda256cad204f681de0f84ef85b2ad8428 openssh-7.1p1.tar.gz
+# Also from http://www.openssh.com/txt/release-7.1p2
+sha256 dd75f024dcf21e06a0d6421d582690bf987a1f6323e32ad6619392f3bfde6bbd openssh-7.1p2.tar.gz
diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
index fb5779e..4e97849 100644
--- a/package/openssh/openssh.mk
+++ b/package/openssh/openssh.mk
@@ -4,7 +4,7 @@
#
################################################################################
-OPENSSH_VERSION = 7.1p1
+OPENSSH_VERSION = 7.1p2
OPENSSH_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
OPENSSH_LICENSE = BSD-3c BSD-2c Public Domain
OPENSSH_LICENSE_FILES = LICENCE
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2016-01-14 19:13 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-01-14 19:13 [Buildroot] [git commit] openssh: security bump to version 7.1p2 Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.