git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
openssh: Fix CVE-2023-51385
author Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Thu, 18 Jan 2024 07:34:08 +0000 (13:04 +0530)
committer Steve Sakoman <steve@sakoman.com>
Mon, 22 Jan 2024 13:35:47 +0000 (03:35 -1000)
commit a0561ca36bd3be8f44d11908caaf8c9ce5f69032
tree f62583af3c6b2bbe0005c04352fa211e9cbcd0c9
parent 82e67bd9c77f0c5cbb652ca91071b9e57bdcfb33
openssh: Fix CVE-2023-51385

OS command injection might occur if a user name or host name has shell
metacharacters, and this name is referenced by an expansion token in
certain situations. For example, an untrusted Git repository can have a
submodule with shell metacharacters in a user name or host name.

This patch fixes the above issue

Link: http://archive.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_8.2p1-4ubuntu0.11.debian.tar.xz
Link: https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-connectivity/openssh/openssh/CVE-2023-51385.patch [new file with mode: 0644]
meta/recipes-connectivity/openssh/openssh_8.2p1.bb
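
The class of check the commit message calls for, as an added example that is not the code of this patch or of OpenSSH: a name is validated before it is substituted for a `%h` token in a command string that a shell will parse. The function names, the rejected character set, the 255-byte limit and the sample hosts are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Characters a POSIX shell treats specially (assumed set for this example). */
static const char SHELL_META[] = "'`\"$\\;&<>|(){}*?[]!#~";

/* Return 1 if `name` may be placed in a shell-parsed command, else 0. */
int name_is_safe(const char *name)
{
    size_t i, len;
    if (name == NULL || (len = strlen(name)) == 0 || len > 255)
        return 0;
    if (name[0] == '-')                 /* would be read as an option */
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c < 0x21 || c > 0x7e)       /* whitespace, control, non-ASCII */
            return 0;
        if (strchr(SHELL_META, c) != NULL)
            return 0;
    }
    return 1;
}

/* Expand "%h" in `tmpl` with `host`. Returns 0 on success, -1 if the
 * host is rejected or the result does not fit in `out`. */
int expand_host(const char *tmpl, const char *host, char *out, size_t outlen)
{
    size_t o = 0, hl;
    if (outlen == 0 || !name_is_safe(host))
        return -1;
    hl = strlen(host);
    for (; *tmpl; tmpl++) {
        if (tmpl[0] == '%' && tmpl[1] == 'h') {
            if (o + hl >= outlen) return -1;
            memcpy(out + o, host, hl);
            o += hl;
            tmpl++;                     /* skip the 'h' */
        } else {
            if (o + 1 >= outlen) return -1;
            out[o++] = *tmpl;
        }
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    char cmd[128];
    const char *hosts[] = { "build.example.org", "bad;host" }; /* constructed */
    for (int i = 0; i < 2; i++)
        printf("%s -> %s\n", hosts[i],
            expand_host("nc %h 22", hosts[i], cmd, sizeof cmd) ? "rejected" : cmd);
    return 0;
}
```

Rejecting the name outright, rather than trying to quote it, keeps the check independent of which shell later parses the command.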