]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: a8d3b89) | patch
openssh: fix for CVE-2014-2653
authorChen Qi <Qi.Chen@windriver.com>
Tue, 13 May 2014 07:46:27 +0000 (15:46 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Tue, 13 May 2014 18:26:34 +0000 (19:26 +0100)
commit7b2fff61b3d1c0566429793ee348fa8978ef0cba
tree248c4e2993e9d36a51c4b6b476011d7eec034659tree | snapshot
parenta8d3b8979c27a8dc87971b66a1d9d9282f660596commit | diff
openssh: fix for CVE-2014-2653

The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and
earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking
by presenting an unacceptable HostCertificate.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2653.patch [new file with mode: 0644] blob
meta/recipes-connectivity/openssh/openssh_6.5p1.bb diff | blob | history
Mirror of the official openembedded-core repository