package/openssh: security bump to version 8.9p1
Security Near Miss
==================

 * sshd(8): fix an integer overflow in the user authentication path that, in conjunction with other logic errors, could have yielded unauthenticated access under difficult to exploit conditions.

   This situation is not exploitable because of independent checks in the privilege separation monitor. Privilege separation has been enabled by default since openssh-3.2.2 (released in 2002) and has been mandatory since openssh-7.5 (released in 2017). Moreover, portable OpenSSH has used toolchain features available in most modern compilers to abort on signed integer overflow since openssh-6.5 (released in 2014).

Update license (md5crypt removed, bcrypt relicensed to BSD-3-Clause:
https://github.com/openssh/openssh-portable/commit/a5ab4882348d26addc9830a44e053238dfa2cb58
https://github.com/openssh/openssh-portable/commit/158bf854e2a22cf09064305f4a4e442670562685
https://github.com/openssh/openssh-portable/commit/c0459588b8d00b73e506c6095958ecfe62a4a7ba)

https://www.openssh.com/txt/release-8.9

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>