<feed xmlns='http://www.w3.org/2005/Atom'>
<title>buildroot/package/openssh/openssh.hash, branch 2016.11.2</title>
<subtitle>OpenPOWER buildroot sources</subtitle>
<id>https://git.raptorcs.com/git/buildroot/atom?h=2016.11.2</id>
<link rel='self' href='https://git.raptorcs.com/git/buildroot/atom?h=2016.11.2'/>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/'/>
<updated>2016-12-19T22:14:28+00:00</updated>
<entry>
<title>openssh: security bump to version 7.4p1</title>
<updated>2016-12-19T22:14:28+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2016-12-19T16:27:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=3a8611ea041e692f10558fccda409e12915fd3bd'/>
<id>urn:sha1:3a8611ea041e692f10558fccda409e12915fd3bd</id>
<content type='text'>
Fixes:
CVE-2016-10009 - ssh-agent(1): Will now refuse to load PKCS#11 modules
from paths outside a trusted whitelist
CVE-2016-10010 - sshd(8): When privilege separation is disabled,
forwarded Unix-domain sockets would be created by sshd(8) with the
privileges of 'root'
CVE-2016-10011 - sshd(8): Avoid theoretical leak of host private key
material to privilege-separated child processes via realloc()
CVE-2016-10012 - sshd(8): The shared memory manager used by
pre-authentication compression support had a bounds checks that could be
elided by some optimising compilers

http://seclists.org/oss-sec/2016/q4/708

Drop upstream patch.

Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit ae58da71111c9a9825fa8dab1338831ff38dc320)
</content>
</entry>
<entry>
<title>openssh: bump version to 7.3p1</title>
<updated>2016-08-01T20:11:31+00:00</updated>
<author>
<name>Vicente Olivert Riera</name>
<email>Vincent.Riera@imgtec.com</email>
</author>
<published>2016-08-01T13:19:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=b0e524be37856dc433b48103cf17ac6f8983445f'/>
<id>urn:sha1:b0e524be37856dc433b48103cf17ac6f8983445f</id>
<content type='text'>
Signed-off-by: Vicente Olivert Riera &lt;Vincent.Riera@imgtec.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>openssh: security bump to version 7.2p2</title>
<updated>2016-03-10T19:49:57+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2016-03-10T18:34:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=55a94ec8936571df586d4f53ffc1355c651a63d3'/>
<id>urn:sha1:55a94ec8936571df586d4f53ffc1355c651a63d3</id>
<content type='text'>
Fixes:
CVE-2016-3115 - sanitise X11 authentication credentials to avoid xauth
command injection when X11Forwarding is enabled.

Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>openssh: bump to version 7.2p1</title>
<updated>2016-02-29T20:45:32+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2016-02-29T11:59:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=0c62637bdd473236d50ec459c9074ad8a8834129'/>
<id>urn:sha1:0c62637bdd473236d50ec459c9074ad8a8834129</id>
<content type='text'>
Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>openssh: security bump to version 7.1p2</title>
<updated>2016-01-14T19:13:57+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2016-01-14T17:55:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=2ff0e32e254e3ee6d96f6b13b7bf182b4e1def73'/>
<id>urn:sha1:2ff0e32e254e3ee6d96f6b13b7bf182b4e1def73</id>
<content type='text'>
Fixes:

CVE-2016-0777 - Client Information leak from use of roaming connection
feature.

CVE-2016-0778 - A buffer overflow flaw was found in the way the OpenSSH
client roaming feature was implemented. A malicious server could
potentially use this flaw to execute arbitrary code on a successfully
authenticated OpenSSH client if that client used certain non-default
configuration options.

Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Reviewed-by: James Knight &lt;james.knight@rockwellcollins.com&gt;
Tested-by: James Knight &lt;james.knight@rockwellcollins.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>openssh: security bump to version 7.1p1</title>
<updated>2015-08-25T20:41:08+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2015-08-25T18:53:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=0916daeff1056f930736bd4b644aff986b8eb88a'/>
<id>urn:sha1:0916daeff1056f930736bd4b644aff986b8eb88a</id>
<content type='text'>
Fixes:
CVE-2015-6563 - Fixed a privilege separation weakness related to PAM
support.
CVE-2015-6564 - Fixed a use-after-free bug related to PAM support that
was reachable by attackers who could compromise the pre-authentication
process for remote code exectuion.
CVE-2015-6565 - incorrectly set TTYs to be world-writable.

Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>openssh: bump to version 6.9p1</title>
<updated>2015-07-02T08:59:22+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2015-07-01T10:44:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=ad460e4930166df9163ab811475de1028d4cc589'/>
<id>urn:sha1:ad460e4930166df9163ab811475de1028d4cc589</id>
<content type='text'>
Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>openssh: bump to version 6.8p1</title>
<updated>2015-03-18T13:38:49+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2015-03-18T10:42:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=7ff67b5d413f49431773c06deb05fa5efad9c1be'/>
<id>urn:sha1:7ff67b5d413f49431773c06deb05fa5efad9c1be</id>
<content type='text'>
Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>openssh: mention release announcement in hash file</title>
<updated>2014-10-07T19:04:20+00:00</updated>
<author>
<name>Baruch Siach</name>
<email>baruch@tkos.co.il</email>
</author>
<published>2014-10-07T18:59:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=3227f30c5bdea0e4aa147134ccfab282cc438328'/>
<id>urn:sha1:3227f30c5bdea0e4aa147134ccfab282cc438328</id>
<content type='text'>
Also, add sha1 hash from the announcement.

Cc: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Baruch Siach &lt;baruch@tkos.co.il&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>openssh: bump to version 6.7p1</title>
<updated>2014-10-07T12:56:42+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2014-10-07T11:11:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=cf197b2d18b5ac4fabd0a16e58f6800b42bbff45'/>
<id>urn:sha1:cf197b2d18b5ac4fabd0a16e58f6800b42bbff45</id>
<content type='text'>
Also add hash file.

Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
</feed>
