guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 0/1] openssh: Fix CVE-2015-8325

From: Leo Famulari
Subject: [PATCH 0/1] openssh: Fix CVE-2015-8325
Date: Fri, 15 Apr 2016 14:22:54 -0400 
Debian has applied an upstream patch to fix CVE-2015-8325 [0][1][2] in
OpenSSH [3].

OpenSSH builds and seems to work with this patch.

I can't find any public and "official" announcement of this issue yet.
For example, not from Mitre or OpenSSH themselves, aside from the
OpenSSH commit log. For this reason, I want to wait for an "okay" from
other Guix developers.

Please advise, and feel free to apply the patch yourself if appropriate.

[0]
https://security-tracker.debian.org/tracker/CVE-2015-8325

[1]
https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755

[2]
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8325

[3]
http://www.openssh.com/portable.html

Leo Famulari (1):
  gnu: openssh: Fix CVE-2015-8325.

 gnu-system.am                                    |  1 +
 gnu/packages/patches/openssh-CVE-2015-8325.patch | 31 ++++++++++++++++++++++++
 gnu/packages/ssh.scm                             |  3 ++-
 3 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/openssh-CVE-2015-8325.patch

-- 
2.7.3
reply via email to
[Prev in Thread] Current Thread [Next in Thread]